Month: May 2022

You never know when a vicious individual or group of people will target your server and launch malicious attacks against you. Fortunately, you can secure your cPanel server to prevent these unwanted assaults.

The cPanel platform alludes to the web-hosting control panel based on UNIX, a multi-user and multi-tasking OS or operating system, which provides a graphical user interface with tools for automation. This panel helps ease the process of website hosting. It utilizes a three-tiered layout providing functionality to website owners, administrators, and resellers. Hence, they can control various aspects of server and site administration using the customary browser.

As a background, the Web Host Manager (WHM) cPanel includes an Application Programming Interface (API) as well as a command line. Said features allow third-party software merchants, developers, and hosting firms to automate traditional system organizational procedures. The cPanel operates as Virtual Private Server (VPS) or dedicated server supporting apps like FreeBSD, CentOS Linux distribution, and Red Hat Linux.

Security as Priority

The cPanel Partner provides the highest preference for security that website owners value very much. For absolute protection, verify the previous version on your server and contact your system administrator. Log in as root and run the proper command. To determine the version your host uses, log into the WHM cPanel and you can see the version at the upper right-hand corner.

Many webmasters consider VPS as an essential tool. You will find VPS with the cPanel shared hosting more cost-effective and promises to be a win-win option for website owners. This system enables you to obtain responsive service without expensive maintenance fees. The application’s features permit users to manage the hosting space as well as domain name through the interface.

Server and cPanel Security

You need server security to safeguard your site and data it contains against cyber attacks and hacking. Secure and update servers on a regular basis to deal with malware, phishing, and hackers. Read the following preventive measures:

• Use strong usernames and passwords together with dependable authentication procedures. These precautionary techniques can help make your accounts less vulnerable to fraud.
• At the same time, understand the usefulness of the two-factor authentication as well as extra security layers. Passwords should have a minimum of eight characters including symbols, numbers, and punctuation marks. Use different passwords for multiple accounts.
• Secure SSH or SSH protocol and sometimes called Secure Shell is a method that safeguards remote logins from one PC to the other. It produces options for consistent authentication and protects communications flow with powerful encryption.
• Use SSH instead of unreliable file transfer processes like File Transfer protocol (FTP) or unprotected login systems such as remote logins.
• Update your Operating Systems frequently (within a few hours following critical updates) as well as your control panels. Avoid disclosing confidential information to anyone unless you trust the person fully.
• Do not install untested software or save backups and old software versions on your production system. Likewise, limit access to your directories with proper permissions.
• For web application security, sign up for any notifications about updates on web applications. Update the apps without delay and scan each one with remote security implements.
• Use a firewall for web apps. Check the file upload fields to make sure the code cannot be uploaded. Choose coding structures with positive security history.

Protection of your cPanel will require securing uploaded files employing File Transfer Protocol Secure (FTPS) or SSH File Transfer Protocol (SFTP). FTP without Security Sockets Layer (SSL) does not have the capacity to encode your login data or files that must be transferred.

In other words, the information or files can be captured and altered by hackers. Many web hosts and file transfer apps support highly secure techniques in transferring these files like the Secure FTPS connection.

Security will always be one of the most vital facets in hosting particularly with the emergence of Denial-of-Service cyber-attacks where perpetrators try to make the computer or network resources unavailable to users by disrupting services or host connection to the Internet momentarily or indefinitely.

Another threat comes from Brute Force cracking which refers to the trial and error procedure adopted by programs to decipher encrypted information like passwords and Data Encryption Standard keys.

Detailed Explanation of SSH Access and Apache

Wise website owners or administrators control SSH access while setting up new cPanel servers as protection against Brute Force attacks. To contain Brute Force utilizing the root account, immobilize the root login by logging in as regular user and choose either sudo or su.

Another option could be to alter the default SSH port. Shift the SSH access to an entirely different port and discourage unknown parties from identifying your server or detecting your SSH port.

Step 1: Login to WHM as root and create a new account (WHM>Account Functions>Create a New Account.

Step 2: Determine if the new user account has shell access (WHM>Account Functions>Manage Shell Access).

Step 3: Then add the new user account to the “Wheel Group” (WHM>Security Center>Manage Wheel Group Users).

Step 4: Use an SSH client, such as Putty, to connect to your server on port 22 and authenticate yourself using the newly created account.

Step 5: Issue this command in order to become root:

       # su – root

Step 6: Then edit the SSH daemon configuration file using “vi” (or any other text editor).

       # vi /etc/ssh/sshd_config

Step 7: Look for the line that says:

       #PermitRootLogin yes

Step 8: Change the value of that line to “no”.

       PermitRootLogin no

Step 9: Look for the line that says:

       Port 22

Step 10: Indicate a new unused port for the SSH daemon. Contact your hosting provider for suggestions to determine whether or not the port is blocked by their network’s firewall.

Step 11: Save the file and exit the editor.

Step 12: Restart the SSH service.

       # service sshd restart

Step 13: Terminate your SSH session by issuing the “exit” command two times.

Secure the Apache platform installation. A very effective tool to stop malicious use of Apache is called ModSecurity™.

• Users of cPanel & WHM version 11.44 and earlier can install it on Add on Modules in the cPanel section of WHM. Find more information regarding mod security at http://www.modsecurity.org/.
• Users of cPanel & WHM version 11.46 and later can use the following interfaces to manage ModSecurity™:
  • WHM’s ModSecurity™ Tools interface: (WHM>Home>Security Center> ModSecurity™ Tools).
  • WHM’s ModSecurity™ Configuration interface: (WHM>Home Security Center> ModSecurity™ Configuration).
• Include suEXEC when you compile Apache to guarantee that CGI apps and scripts function as the user owning or executing them. This strategy helps pinpoint possible malicious scripts as well as imposes permission and environmental controls.

One alternative can be to compile Apache plus PHP with PHP suPHP compelling all scripts to operate as the user owning that particular script. Thus, you can discover PHP scripts that run on the server. It is possible to identify the malicious owner and address the concern right away.

To put together Apache and PHP with PHP suPHP, look for the suPHP selection located in the Apache upgrade interface at the Web Host Manager or while running /scripts/easyapache from the command language interpreter or command line user interface.

At this point, you may set up an SSH connection to your web server making use of the newly-identified port to ensure an active configuration. Or, utilize the SSH keys rather than the normal under name and password authentication to get into the server.

If you choose the SSH keys, disable the password authentication – WHM>Security Center>SSH Password Authorization Tweak.

Configuration Server Security and Firewall

Install a firewall. This is crucial for a dedicated server regardless of whether you are resellers or not. Try to consider Config Sever Security or CSF. It stands for a free firewall plug-in designed for cPanel as well as Webmin and DirectAdmin. CSF can conduct a security inspection and provide appropriate recommendations in improving server security. After installing CSF, you can gain access through WHM>Plug-ins>ConfigSeverSecurity & Firewall.

Install anti-virus software. Although viruses do not really target the Linux OS, the use of an anti-virus still yields advantages since the practice will prevent your visitors from distributing viruses unintentionally to the websites of other users. Majority of such viruses detected by this software were meant to infect Windows PCs and not the Linux servers. One effective antivirus solution is the Clam AV that integrates with cPanel and Config Sever Security.

Step 1: Log in to Web Host Manager as root.

Step 2: Go to cPanel>Manage Plug-ins from the main menu.

Step 3: Choose Install and Keep Updated in the Clam AV box.

Step 4: Click Save.

Configure Clam AV by proceeding to: WHM>Plug-ins>Configure Clam AV Scanner.

You may enable protection for PHP to prevent browsers from opening any files that do not belong to the PHP’s home directory. This is possible using Tweak Security within the WHM. At the same time, lock down the system compilers. Many users do not use C as well as C++ compilers.

Go for Compilers Tweak within the Tweak Security in WHM in turning of the use of compilers for unauthorized users. Another option could be to disable them for selected users. A lot of pre-packaged exploits call for working compilers. Disabling these compilers will help secure against numerous exploits.

Conclusion

You can always find a plethora of reliable information in the worldwide web about security for your cPanel, website information, and server. Here is the good news for cPanel users. It is less difficult to protect your data if you opt for this type of control system. By following these pointers, you minimize your susceptibility to such attacks and enhance the overall protection of your system promptly.

Even as you can reduce the threats, this may not pose a total remedy so optimization should be part of your approach complemented by due diligence and frequent updates. Try to stay on the progressive side of cPanel security so your website and business will be safe for many years.

This guide will show you how to update and configure Apache, PHP and MySQL on a cPanel web server so that you can resell hosting services to your clients.

Apache

The Apache (HTTP Server) refers to a cross and open-source platform software that follows the Apache License 2.0. A community of developers under the patronage of the Apache Software Foundation created and maintain said program. As of June (2017), around 92% of the HTTP server copies function on Linux distributions. The Version 2.0 facilitated support for OS not under UNIX like Windows and OS 2. Apache’s older versions were connected to the NetWare and Open VMS computer network operating systems.

PHP

PHP means a server-side scripting type of language originally for website development but later on used as programming language with a general purpose. You can embed PHP codes into Hypertext Markup Language (HTML or HTML 5). PHP can be combined with different web template as well as content management systems, and web frameworks.

A PHP interpreter processes the code and implements it as module in the server or the executable Common Gateway Interface (CGI). This server software puts together the results of interpreted and implemented PHP Code. It can include any kind of data like images with the generated page. The code may be accomplished using a Command Line Interface (CLI) for implementing separate graphical apps.

MySQL

MySQL is an open-source relational (relation of syntax) database management system or RDBMS. It is a central element of the LINUX, APACHE, MYSQL, and PERT/PHP/PYTHON or LAMP. It is considered as the most popular open-source database globally which allow cost-efficient delivery of dependable, scalable, and high-performance web-based as well as embedded structured set of data applications.

LAMP and WAMP

LAMP comprises a standard or conventional model of web service protocol stacks. The protocol stack defines, detects, conducts, and facilitates interaction between different web services. LAMP elements are not confined to the original collection and remain essentially interchangeable. This stack can build dynamic websites and web apps. The model was modified to fit other components by means of other open-source software.

WAMP (Windows, Apache, MySQL, and PHP) emerged as a deviation from LAMP for Windows and frequently installed as software package for web development as well as internal tests or serve live websites. Apache is the crucial component of WAMP and runs on the local server on any Windows device. Web developers can test pages in a web browser without having to publish these pages online.

So far, PHP and MySQL comprise the two most prevalent technologies to build vibrant and motivating websites. The two open-source components along with Apache may be installed separately or together. The “WAMP Server” represents one well-liked package capable of providing an easy to use method of installing and configuring AMP elements on Windows.

Apache Server

A joint software development initiative described as the Apache HTTP Server was designed to create a sound and commercial-grade implementation of HTTP web server complete with extra features and free implementation of source codes. Volunteers worldwide managed the project utilizing the Internet in planning, communicating, and developing the Apache Server together with pertinent documentation.

Due to its popularity, the Apache HTTP Server serves more than 46% of all existing sites. PHP and MySQL turned out as the basis of many portals which include one of the most preferred platforms, WordPress. You will eventually find out the process of updating and configuring these elements in a cPanel server for the process of reselling hosting services to your clients.

Upgrading of cPanel

It is not compulsory to improve cPanel in configuring web services. Nonetheless, experts recommend the use of the most recent Web Host Manager (WHM) version because it ascertains updating of software packages required by the server.

Step 1: Login to the Web Host Manager (http://[yourserver’sIPaddress]:2083 or [http://your server’s IP address]:2087).

Step 2: Locate the main menu.

Step 3: Click on cPanel>Upgrade to the latest version.

Step 4: Hit Click to Upgrade. The process will only take several minutes.

Upgrading of MySQL

In specific circumstances, the default installation of the MySQL Server might be obsolete. Thus, it is advisable to conduct an upgrade ahead of actual website hosting and avert unnecessary downtime as well as broken databases. You might consider performing this upgrade prior to updating PHP.  With this move, you can compile with the correct MySQL libraries.

Step 1: Login to the WHM.

Step 2: Look for the main menu.

Step 3: Click on the Software> MySQL Upgrade.

Step 4: Choose the most recent constant version of MySQL (currently 5.5) and click on Next.

Step 5: WHM will give a warning regarding possible issues in upgrading MySQL. Check the warning boxes and click on Continue.

Step 6: On the following page, WHM will ask about handling the upgrade. Choose, “I will manually rebuild Apache and PHP when the MySQL upgrade is completed.” Click on Continue.

Step 7: The upgrade may take time which depends on the server’s performance.

Updating Apache and PHP

You can look forward to a straightforward configuration of Apache, MySQL, and PHP on a cPanel. This panel provides an installation genius called EasyApache that will serve as guide through installation and compilation of Apache and PHP.

Step 1: Login to WHM.

Step 2: Choose Software> EasyApache from the main menu.

Step 3: Choose the previously saved Config from the list of profiles and click on Start customizing based on profile.

Step 4: Look for the latest consistent version (currently 2.4.6) of Apache. Click Next Step button.

Step 5: Look for the latest consistent version (currently 5.4.19) of PHP. Click Next Step button.

Step 6: You will see several options in the next page. Scroll down to the bottom of the page. Click Exhaustive Options List.

Step 7: Choose the options and click Save and Build once finished.

Apache Built-in Modules:	Other Modules:	PHP:
Asis	IonCube Loader	Bcmath
AuthnDefault	Mod Bandwidth	Mz2
Deflate	Mod Cloudflare	CGI
Env	Mod Security	Calendar
Expries		CurlSSL
Mod FCGID		Curlwrappers
Fileprotect		Exif
Headers		FTP
MPM Prefork		GD
MemCache		Gettext
Mod SuPHP		Iconv
Proxy		Imap
UniqueID		Mbregex
Version		Mbstring
		Mcrypt
		Mysql
		Mysql of the system
		MySQL “Improved” Extension
		Openssl
		POSIX
		Path Info Check
		Pear
		PGsql (Optional – if you plan to provide PostgreSQL support)
		Phar
		Pspell
		SOAP
		SQLite 3
		Safe PHP CGI (optional)
		Sockets
		System Timezone
		TTF (FreeType)
		Tidy
		XmlRPM
		Zip
		Zlib
		Save my profile with appropriate PHP 5 options so that it is compatible with cpphp

It is important to note that depending on whether you are using a VPS or a dedicated server, some of these options may or may not be available.

The process of creating Apache and PHP usually takes longer particularly on the VPS. Avoid closing or refreshing your browser. The process will keep on running in the background if you lose your connection to the WHM even before the development is completed. You may have to install the other modules for individual requirements.

Configure PHP and suEXEC

Change the default PHP handler after you finish building Apache and PHP.

Step 1: Click Service Configuration >Configure PHP and suEXEC from the main menu of WHM.

Step 2: Fix the default version of PHP to 5.

Step 3: Choose suphp as the PHP 5 Handler.

Step 4: Turn on suEXEC.

Step 5: Click Save New Configuration.

When you enable suphp, all files created through the process will become part of the user account instead of the user account that runs Apache. This preventive approach will preclude malicious scripts from gaining access to files in other users’ directories. Apache suEXEC permits users to run both SSI and CGI programs under their users rather than the user ID maintaining the HTTP process averting possible security problems.

Need for Web Services

Industry experts cite the need for integration of unrelated systems and sharing of business sense inside and outside any enterprise. Website services control or shape the economic benefits as well as interoperability of Extensible Mark-up Language or XML. However, these services call for a system of more network and computing services compared to previous systems. The action slows down performance and waste valuable resources.

Highly-efficient website services can achieve the following:

• Improve web service throughput significantly.
• Enhance use of network and scalability.
• Unclog overcrowded networks.
• Allow the web service to be utilized economically instead of slow and bandwidth-restricted networks.

The plug-in includes cost-effective XML capabilities to the present service platform without having to add, alter, or replace one line of codes. Upon installation and configuration, it automatically detects and makes use of an efficient XML or EXI when available but reverts to the old XML if it is not available. There are multiple features and upsides which include the following:

• Fundamental and straightforward configuration
• No code changes in applications
• Interoperability
• Enhanced application performance

The Advantages of cPanel

The cPanel ensures a seamless client interface which promises easy navigation using an icon-based menu on the main web page and links users to essential features the control panel offers. This hosting control panel supports majority of operating systems for servers. Nearly all web hosting providers opt for cPanel which remains as the biggest trademark in the hosting control panel business. The panel provides clients with familiarity and peace of mind due to the system’s stability.

Industry stakeholders point to this control panel as a low-priced solution if bought in a data center. A number of dedicated service suppliers partnered with cPanel for cheaper licenses. The panel allows easy incorporation of third-party apps into control panel software. On the other hand, cPanel Pro represents an add-on for the control console including a fixed support submission form. Finally, cPanel ensures easy navigation which many design firms have realized and use to their advantage.

Hosting providers provide auto installers or packages devoted to popular content management systems such as WordPress. You can access cPanel by using https on the port 2038 or basically affixing “c/panel” at the end of the host name. Administrators together with end-users have the capability to regulate the various aspects of servers and websites directly through their respective browsers. Tools are provided to make operations in controlling a website simpler and allowing website control.