cPanel Server Security & Optimization Services

This comprehensive cPanel server service can be provided for most Linux (not FreeBSD) platforms running cPanel  We partner and work close together with Configserver.com for the installation, configuration and testing of each component of the service. We do not use scripts to perform this work (as some providers do) but perform each task by hand to ensure it is correctly installed and configured to your servers requirements.

The aim of this work is to help:

• Secure your server from attack
• Perform server tuning to better cope under load
• Provide relevant regular information from your server to identify any security breaches or anomalous behaviour
• Check for existing exploits installed or running on the server

The Service Package detailed

• ConfigServer eXploit Scanner. cxs is included free with our cPanel Service Package
• iptables SPI firewall (csf) ** csf is a full featured SPI (Stateful Packet Inspection) iptables firewall configuration application written by ourselves
• Login failure detection (lfd) lfd is integrated with csf to block hacking attempts from your internet facing services and detects system intrusions/rootkits
• Stop unnecessary processes
• Default OS configurations often run services that are not used by a cPanel web server and can be a security risk if left running
• Log Scanner: Log Scanner is part of lfd and is configured to send you logs file emails once per hour using regular expression matches on the major server log files
• Logwatch Logwatch is a daily report that summarizes the information contains in the major server log files
• WHM configuration check & WHM configuration options are checked for security and performance configuration and changes where deemed appropriate
• OpenSSH check. OpenSSH is checked to ensure only SSHv2 protocol is enabled
• Switch proftpd to pure-ftpd. Pure-ftpd is considered more secure and lighter on server resources compared to proftpd on cPanel servers
• Rootkit Hunter. Rootkit Hunter is an essential tool in detecting possible root compromise and rootkit installation
• Chkrootkit. Chkrootkit is another essential tool in detecting possible root compromise and rootkit installation, it compliments rkhunter with a different detection approach
• ModSecurity **** mod_security apache module is a security layer in apache that helps prevent exploitation of vulnerable web scripts. We will install and configure the optional cPanel ModSecurity Apache module and include a set of effective rules
• ModSecurity Control. With ConfigServer ModSecurity Control you can:
  • Disable mod_security rules that have unique ID numbers on a global, per cPanel user or per hosted domain level
  • Disable mod_security entirely, also on a global, per cPanel user or per hosted domain level
  • Edit files containing mod_security configuration settings in /usr/local/apache/conf
  • View the latest mod_security log entries
• Host spoof protection. Helps prevent IP spoofing and DNS cache poisoning
• Operating System check. Check to ensure that the servers OS is updating and, if not, an update is run
• Name server check. If the name server (bind) is running, check that it is functioning correctly and enable local DNS lookups
• Disk check. Ensure disks are correctly mounted and clean up any old files to free space where possible
• Kernel check. Check that the correct kernel is installed and upgrade to the OS vendors latest version if necessary and implement tweaks to help protect against current threats (e.g. disabling core file creation) *****
• Apache tune and check ***.Check that Apache is correctly configured and tuned for your servers requirements and that it is the latest version and upgrade if necessary.
• MySQL tune and check *** Check that mysql is correctly configured and tuned for your servers requirements
• Enhanced log rotation. Not all server logs files are correctly rotated on a default cPanel server, so we add rotation options to logrotate to ensure that they are correctly rotated to help disk performance and application stability
• Secure /tmp /var/tmp/dev/shm
• Check temporary file permissions, ownership and contents. Remount noexec and nosuid where possible
• ConfigServer ModSecurity
• Control (cmc).cmc allows you to control the disabling of mod_security rules by their ID on a global, per user and per domain level
• ConfigServer Explorer (cse). cse allows you to browse your disk structure and directories and perform shell tasks from within WHM which can be very helpful if SSH fails for any reason
• ConfigServer Mail Queues (cmq).cmq allows you to check within WHM and clear the servers exim queue(s) and deal with individual emails awaiting delivery
• ConfigServer Mail Manage(cmm). cmm allows you edit view and manage client email accounts and quotas from within WHM without having to log into their cPanel account. The product provides you with an interface to the cPanel user accounts email configuration without having to login to their accounts. It is domain based rather than account based and allows you to do all the following from within WHM:
  • View, edit and delete email accounts
  • View, edit and delete email forwarders
  • View, edit and delete email filters
  • View and modify email account quotas
  • Modify email account passwords
  • Modify Outgoing Mail Hourly Limits
  • List only email accounts that are overquota (or over a specified percentage)
  • List only email accounts that are over a specified size
  • View the total number of emails in an email account
  • Empty an email account
  • View emails in an email account
  • Individually delete emails in an email account
• Perl installation check. Check that perl is correctly configured and that it is the latest version and upgrade if necessary
• Delete unnecessary OS-users. On a standard OS installation many user accounts are created that are not necessary and can therefore pose a security risk
• Disable open DNS recursion. Protection against abuse and poisoning of your local DNS cache if DNS server (bind) is running on the server
• Enhanced path protection. Help protect against clients and hackers browsing and accessing files outside of their account directories
• Remove SUID/GUID binaries. On a standard OS installation many application binaries have SUID and GUID bits set that are not necessary and can therefore pose a security risk
• PHP hardening. Dynamic Library loading is disabled, commonly abused php functions disabled, user defined php.ini files disabled if suPHP is already enabled - to help prevent hackers exploiting vulnerable PHP web scripts
• Suhosin **** Suhosin is an advanced protection system for PHP installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core
• Exploit Scan and Summary. A check of installed web scripts for known hacking scripts which highlight exploited web applications. Also checks in commonly abused disk directories such as /tmp and /dev/shm for any active exploits as well as a scan of all running processes. If exploits are found on the server, the compromised account can be suspended and we will notify you of the location of the exploits - this does not include restoring any compromised web files
• Disable BoxTrapper. Having boxtrapper enabled can very easily lead to your server being listed in common RBLs and usually has the effect of increasing the overall spam load, not reducing it.
• Initial cPanel configuration. If cPanel has just been installed but not configured we can do this for you
• Enable CPHulk.  a service that provides protection for your server against brute force attacks
• Tweak PHP configuration
• MailScanner Front-End. The MailScanner Front-End is included with the cPanel Service Package + MailScanner package