Secure Your Server
Use Secure Passwords
- Use passwords with at least 8 characters, including a mix of alphanumeric and special symbols. Avoid dictionary words and significant dates. Configure password options in /etc/login.defs.
Secure SSH
- Enable public key authentication and disable password authentication. Change the default SSH port from 22 to a non-standard port to reduce detection by potential attackers.
Secure Apache
Securing your Apache installation is crucial for protecting against malicious use. A key tool for this is mod_security, which can be installed via Addon Modules in the cPanel section of WHM. For more details on mod_security, visit cPanel’s documentation. When compiling Apache, include suexec to ensure CGI applications and scripts run with the permissions of their owner, which helps in identifying and controlling malicious scripts. Similarly, compile Apache and PHP with PHPsuexec to ensure PHP scripts run under their respective owners, making it easier to track and manage script ownership. To enable PHP's open_basedir protection, which restricts PHP scripts from accessing files outside their designated directories, go to the Tweak Security section in WebHost Manager.
Secure /tmp Partition
- Use a separate /tmp partition mounted with nosetuid and noexec for additional security. Run /scripts/securetmp to enhance protection.
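One way to confirm the /tmp hardening took effect, as an added example (not part of the original checklist or of cPanel's scripts): it reads a mounts table in /proc/mounts format, where Linux reports the setuid-blocking option as nosuid. The names check_tmp_mount, sample_hardened and sample_weak are hypothetical, and the sample tables are constructed.

```shell
#!/bin/sh
# check_tmp_mount [FILE|-]
#   Reads a mounts table (default /proc/mounts, "-" for stdin) and returns
#   0 if /tmp is its own mount with both noexec and nosuid,
#   1 if /tmp is mounted but an option is missing,
#   2 if /tmp is not a separate mount at all.
check_tmp_mount() {
    mounts_file="${1:-/proc/mounts}"
    # Field 2 is the mount point, field 4 the option list. The last matching
    # entry wins, because a later mount on /tmp shadows earlier ones.
    opts=$(awk '$2 == "/tmp" { o = $4 } END { print o }' "$mounts_file")
    if [ -z "$opts" ]; then
        echo "FAIL: /tmp is not a separate mount"
        return 2
    fi
    missing=""
    for want in noexec nosuid; do
        # Wrap in commas so "nosuid" cannot match inside another option name.
        case ",$opts," in
            *",$want,"*) ;;
            *) missing="$missing $want" ;;
        esac
    done
    if [ -n "$missing" ]; then
        echo "FAIL: /tmp mounted without:$missing"
        return 1
    fi
    echo "OK: /tmp options: $opts"
    return 0
}

# Constructed sample tables (not captured from a real host).
sample_hardened() {
    printf '%s\n' \
        '/dev/sda1 / ext4 rw,relatime 0 0' \
        '/dev/sdb1 /tmp ext4 rw,nosuid,noexec,relatime 0 0'
}
sample_weak() {
    printf '%s\n' \
        '/dev/sda1 / ext4 rw,relatime 0 0' \
        '/dev/sdb1 /tmp ext4 rw,nosuid,relatime 0 0'
}

sample_hardened | check_tmp_mount -
sample_weak | check_tmp_mount - || true
```

On a live server, call check_tmp_mount with no argument to read /proc/mounts directly.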
Upgrade to Maildir Format
- For better performance and security, upgrade to Maildir format using /scripts/convert2maildir. Back up your mail before converting.
Lock Down Compilers
- Disable C and C++ compilers for unprivileged users using the Compilers Tweak in WHM to prevent exploits that require compilers.
Turn Off Unused Services
- Disable unnecessary services and daemons to minimize attack vectors. Check /etc/xinetd.conf for daemons and use the Service Manager in WHM for services.
Monitor Your System
Staying informed about your system's status is essential for maintaining security. Regularly monitor for new accounts, software installations, and updates to ensure everything is functioning correctly. Use commands like:
netstat -anp
    Identify unauthorized programs attached to ports.
find / \( -perm -a+w \) ! -type l >> world_writable.txt
    Check for world-writable files and directories that could be exploited.
find / -nouser -o -nogroup >> no_owner.txt
    Find files without proper ownership to secure access.
ls /var/log/
    Review system logs, Apache logs, mail logs, and other logs to track system activities.
Additionally, employ tools to detect and monitor potential threats:
Tripwire: Monitors file checksums and reports changes.
Chkrootkit: Scans for common rootkits and backdoors.
Rkhunter: Searches for rootkits and backdoors.
Logwatch: Provides daily system activity reports.
Enable a Firewall
- Install and configure a firewall to restrict unauthorized access. ConfigServer Firewall (CSF) is a recommended addon for WHM.
Stay Up to Date
- Keep your system and software updated to address security vulnerabilities. Regularly update cPanel/WHM, user applications, and system software.
Install ClamAV Antivirus
- Install ClamAV for detecting Trojans, viruses, and malware. Set it up for daily scans to ensure ongoing protection.
For further guidance on securing your server, refer to the relevant documentation and tools for each component.