A Beginner's Guide to Securing Your Server


Post by Admin » Fri Jul 27, 2007 12:12 pm

From - http://blog.webhosting.uk.com/2006/06/0 ... ur-server/

A Beginner’s Guide to Securing Your Server Part 1 of 3 (Security Inside WHM/CPanel)

These are items inside of WHM/cPanel that should be changed to secure your server.

Go to Server Setup =>> Tweak Settings

Check the following items…

Under Domains - Prevent users from parking/adding on common internet domains. (i.e. hotmail.com, aol.com)

Under Mail - Attempt to prevent pop3 connection floods

Default catch-all/default address behavior for new accounts - blackhole

Under System - Use jailshell as the default shell for all new accounts and modified accounts


Go to Server Setup =>> Tweak Security

php open_basedir Protection - Enable

mod_userdir Protection - Enable

Compilers for unprivileged users - Disabled


Go to Server Setup =>> Manage Wheel Group Users

Remove all users except for root and your main account from the wheel group.


Go to Server Setup =>> Shell Fork Bomb Protection

Shell Fork Bomb/Memory Protection - Enable

When setting up Feature Limits for resellers in Resellers =>> Reseller Center, under Privileges always disable Allow Creation of Packages with Shell Access and enable Never allow creation of accounts with shell access; under Root Access disable All Features.


Go to Service Configuration =>> FTP Configuration

Anonymous FTP - Disable


Go to Account Functions =>> Manage Shell Access

Shell Access for all users (except yourself) - Disable


Go to Mysql =>> MySQL Root Password

Change root password for MySQL


Go to Security and run Quick Security Scan and Scan for Trojan Horses often.
The following and similar items are not Trojans:

/sbin/depmod
/sbin/insmod
/sbin/insmod.static
/sbin/modinfo
/sbin/modprobe
/sbin/rmmod
Admin
Site Admin
 
Posts: 107
Joined: Sat May 26, 2007 7:57 am
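
An added example, not part of the original post or the blog it quotes: a shell check that the wheel group and shell access settings from the checklist actually hold, read from group(5) and passwd(5) data. The function names, the UID threshold of 500 for customer accounts, the shell basenames treated as disabled, and the sample data are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: audit wheel membership and shell access from data on stdin.

# wheel_extras ALLOWED_USER...
# Reads group(5) data on stdin; prints wheel members not in the allow-list.
wheel_extras() {
    allowed=" $* "
    awk -F: '$1 == "wheel" { print $4 }' | tr ',' '\n' |
    while read -r user; do
        [ -n "$user" ] || continue
        case "$allowed" in
            *" $user "*) ;;
            *) echo "$user" ;;
        esac
    done
}

# shell_access MIN_UID ALLOWED_USER...
# Reads passwd(5) data on stdin; prints "user:full" or "user:jailed" for each
# account with UID >= MIN_UID that still has shell access.
# Assumption: a disabled shell has the basename noshell, nologin or false.
shell_access() {
    min_uid=$1; shift
    allowed=" $* "
    awk -F: -v min="$min_uid" '$3 + 0 >= min + 0 { print $1 ":" $7 }' |
    while IFS=: read -r user shell; do
        case "$allowed" in *" $user "*) continue ;; esac
        case "${shell##*/}" in
            noshell|nologin|false) ;;
            jailshell) echo "$user:jailed" ;;
            *) echo "$user:full" ;;   # includes an empty shell field
        esac
    done
}

# Constructed sample data (not from a real server).
sample_group() {
    printf '%s\n' 'root:x:0:' 'wheel:x:10:root,admin,bob' 'bob:x:501:'
}
sample_passwd() {
    printf '%s\n' \
        'root:x:0:0:root:/root:/bin/bash' \
        'admin:x:500:500::/home/admin:/bin/bash' \
        'bob:x:501:501::/home/bob:/bin/bash' \
        'carol:x:502:502::/home/carol:/usr/local/cpanel/bin/jailshell' \
        'dave:x:503:503::/home/dave:/usr/local/cpanel/bin/noshell'
}

sample_group | wheel_extras root admin    # wheel members to remove
sample_passwd | shell_access 500 admin    # accounts that still have a shell
```

On a live server, feed the functions `/etc/group` and `/etc/passwd` instead of the sample data, with your own main account in place of `admin`.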
