Security is a journey, not a destination, so it is vital to review your logs regularly and harden your servers. Securing your cPanel/WHM server is also essential to make sure that your own or your customers' hosting services are available at all times. This article is based on cPanel WHM-based Linux servers.
Here are a few basic steps to keep in mind for keeping a server secure.
Managing Shell Access
Go to Security Center > Host Access Control and allow the sshd service only from authorized IP addresses. It is also a good idea to use an external firewall if you are hosting your server with Linode or Hetzner Cloud, where you get an additional firewall feature at no additional cost. In another article, I will go through protecting access with SSH keys and disabling password authentication.
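To confirm that the sshd restriction is actually in effect, you can compare the sshd log against the same allowlist. The script below is an added example, not part of cPanel or of the original article; the allowlist ranges and the sample log lines are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Assumption: mirror the addresses allowed for sshd in Host Access Control.
# Documentation ranges are used here as constructed placeholders.
AUTHORIZED = [ipaddress.ip_network(n) for n in ("198.51.100.0/28", "2001:db8:10::/64")]

# Constructed sample lines in OpenSSH's usual syslog format.
SAMPLE_LOG = """\
Mar  3 09:14:02 host sshd[2211]: Accepted publickey for admin from 198.51.100.7 port 50122 ssh2
Mar  3 09:20:41 host sshd[2290]: Failed password for root from 203.0.113.45 port 41822 ssh2
Mar  3 09:20:44 host sshd[2290]: Failed password for root from 203.0.113.45 port 41822 ssh2
Mar  3 09:21:10 host sshd[2301]: Failed password for invalid user test from 203.0.113.45 port 41910 ssh2
Mar  3 10:02:37 host sshd[2544]: Accepted password for root from 192.0.2.99 port 60001 ssh2
Mar  3 11:45:00 host sshd[2710]: Accepted publickey for admin from 2001:db8:10::5 port 51000 ssh2
"""

EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def is_authorized(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # not an IP literal, so it cannot match the allowlist
    return any(addr in net for net in AUTHORIZED)

def audit(log_text, fail_threshold=3):
    """Return (logins from unlisted IPs, unlisted IPs with repeated failures)."""
    unexpected, failures = [], Counter()
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m or is_authorized(m["ip"]):
            continue  # unrelated line, or a source that is on the allowlist
        if m["result"] == "Accepted":
            unexpected.append((m["user"], m["ip"], m["method"]))
        else:
            failures[m["ip"]] += 1
    noisy = {ip: n for ip, n in failures.items() if n >= fail_threshold}
    return unexpected, noisy

if __name__ == "__main__":
    logins, noisy = audit(SAMPLE_LOG)
    print("logins from unlisted addresses:", logins)
    print("repeated failures from unlisted addresses:", noisy)
```

Any sshd event from an address outside the allowlist means the restriction is not being applied to that connection path. To use it on a real server, pass the contents of the sshd log (typically `/var/log/secure` on RHEL-family systems) to `audit()` instead of the sample text.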
cPHulk Brute Force Protection
The cPHulk service provides protection against brute force attacks. cPHulk monitors web servers and the following services:
- cPanel Service – 2083
- WHM Service – 2087
- Mail Services (Dovecot and Exim)
- Secure Shell (SSH) access
To enable and configure this feature, go to WHM >> Home >> Security Center >> cPHulk Brute Force Protection. Make sure that the cPHulk feature is enabled. You can change the default configuration and adjust it according to your requirements.
Another useful feature is blacklisting countries: the services mentioned above will not be available to connections from those countries.
WHM Security Advisor
The Security Advisor scans your server for viruses and security weaknesses. It identifies potential security threats and advises how to resolve each issue.
To run the scan, go to WHM >> Home >> Security Center >> Security Advisor.
You will see various recommendations, information, and verifications about enabled rules.
The Two-Factor Authentication function allows you to configure two-factor authentication (2FA) for the cPanel & WHM interface. After you enter your password, you must enter a security code.
To enable it, go to WHM >> Home >> Security Center >> Two-Factor Authentication.
Once you enable that option, you will be prompted to set up an authenticator at your next login.
SMTP Restrictions is a feature in WHM that stops users from bypassing the mail server to send mail. This is useful because bypassing mail servers is a common practice of spammers.
To enable it, go to WHM >> Home >> Security Center >> SMTP Restrictions.
Also go to Tweak Settings; here is a complete list of tweaks: https://docs.cpanel.net/whm/server-configuration/tweak-settings/96/