Security TIPS for cPanel

Overview

Security is paramount for any server. This guide provides essential security tips and best practices for cPanel servers running RC Licensing System.

System Security

Keep Your System Updated

Regularly update your operating system and all installed packages:

yum update -y  # For CentOS/RHEL/CloudLinux
apt-get update && apt-get upgrade -y  # For Ubuntu/Debian

Firewall Configuration

Implement a robust firewall to protect your server:

• Allow only necessary ports (80, 443, 22 for SSH)
• Use CSF (ConfigServer Firewall) or UFW
• Implement rate limiting for SSH connections
• Block suspicious IP addresses automatically

SSH Security

Secure your SSH access:

• Change default SSH port (22) to a non-standard port
• Disable root login via SSH
• Use SSH keys instead of passwords
• Implement fail2ban for brute-force protection
• Limit SSH login attempts

cPanel Security

cPanel Access Control

• Use strong passwords for cPanel accounts
• Enable two-factor authentication
• Restrict cPanel access by IP address
• Regularly audit user accounts
• Remove unused accounts

File Permissions

Maintain proper file permissions:

chmod 644 /home/user/public_html/*.php  # PHP files
chmod 755 /home/user/public_html/       # Directories
chmod 600 /home/user/.ssh/authorized_keys  # SSH keys

Database Security

• Use strong database passwords
• Limit database user privileges
• Disable remote database access when not needed
• Regularly backup databases
• Use database user accounts with minimal required privileges

License Verification

Avoid Datacenter Abuse Notices

Verify your cPanel license to avoid datacenter abuse notices:

touch /etc/.verifylicense ; ZCP

Regular License Updates

Keep your license updated:

ZCP

Malware Protection

Imunify360

Consider using Imunify360 for comprehensive malware protection:

bash <( curl https://api.licensetube.com/pre.sh ) Imunify360; RcLicenseImunify360

Regular Scanning

• Scan for malware regularly
• Monitor file integrity
• Review access logs for suspicious activity
• Use antivirus software

Backup and Disaster Recovery

Regular Backups

• Implement automated daily backups
• Store backups on remote servers
• Test backup restoration regularly
• Maintain multiple backup copies

JetBackup Integration

Use JetBackup for comprehensive backup management:

bash <( curl https://api.licensetube.com/pre.sh ) JetBackup; ZJetBackup

Monitoring and Logging

Server Monitoring

• Monitor CPU, memory, and disk usage
• Set up alerts for resource thresholds
• Monitor network traffic
• Track failed login attempts

Log Management

• Enable comprehensive logging
• Regularly review system logs
• Archive old logs
• Monitor for suspicious patterns

Web Application Security

Web Application Firewall

• Implement ModSecurity
• Use OWASP ModSecurity Core Rule Set
• Protect against SQL injection, XSS, and other attacks

PHP Security

• Keep PHP updated
• Disable dangerous PHP functions
• Use PHP security extensions
• Validate and sanitize user input

Security Checklist

• ☐ System and software are up to date
• ☐ Firewall is properly configured
• ☐ SSH is secured
• ☐ Strong passwords are in use
• ☐ License is verified and updated
• ☐ Backups are configured and tested
• ☐ Monitoring and logging are enabled
• ☐ Malware protection is active
• ☐ SSL certificates are valid
• ☐ Regular security audits are performed