cPanel Security checks to do regularly
cPanel is a layered system
What I mean by this is that cPanel has several layers of users (the system accounts, WHM, the cPanel accounts themselves, their mail and FTP users, and the web applications they run), and each layer is a potential point of compromise. Because of that flexibility and complexity, several distinct areas of a cPanel server need regular attention from a security perspective. We will take a look at each of them below:
System Level – SSH
This is the most obvious layer and the one at which most administrators already apply a reasonable level of security. Usually you would allow only one or two accounts SSH access: root and an administrator account of some sort.
Lock SSH down to key-based authentication with password authentication disabled, and where possible only allow SSH from a small set of IP addresses (at the firewall, or with AllowUsers/Match rules in sshd_config). Whether or not you can restrict by IP, disable direct root login and force administrators to log in as an unprivileged account and then escalate to root with sudo, which prompts for a password in addition to the key used to log in. An attacker then needs two separate secrets, not one, to reach root.
Ensure that any passwords you use are secure and meet the minimum requirements as I have written about in my article, “Why password isn’t a password“.
Log files to check: /var/log/secure (sshd authentication events, including failed and accepted logins) and /var/log/lfd.log (ConfigServer Firewall's Login Failure Daemon, present if CSF/LFD is installed).
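As an added example (not code from the original article), the script below audits the three sshd_config settings this section asks for, showing the weak configuration beside the hardened one, and then tallies failed password attempts per source IP from a /var/log/secure-style file. The config files and log excerpt are constructed inline so it runs offline; on a live server pass /etc/ssh/sshd_config and /var/log/secure to the same functions. The admin username sysadmin and the IP addresses are placeholders.

```shell
#!/bin/sh
# Added example, not code from the original article: audit the sshd_config
# settings the section calls for and tally failed logins per source IP from a
# /var/log/secure-style file. Both inputs are constructed temp files so this runs
# offline; on a live server pass /etc/ssh/sshd_config and /var/log/secure instead.

# Constructed sshd_config with the weak settings the article warns against.
WEAK_SSHD_CONFIG=$(mktemp)
cat > "$WEAK_SSHD_CONFIG" <<'EOF'
Port 22
#PermitRootLogin prohibit-password
PermitRootLogin yes
PasswordAuthentication yes
PubkeyAuthentication yes
EOF

# The same file after hardening: key-only, no direct root, one named admin user
# (sysadmin is a placeholder name).
HARDENED_SSHD_CONFIG=$(mktemp)
cat > "$HARDENED_SSHD_CONFIG" <<'EOF'
Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
AllowUsers sysadmin
EOF

# Constructed /var/log/secure excerpt in the syslog format sshd uses.
SAMPLE_SECURE_LOG=$(mktemp)
cat > "$SAMPLE_SECURE_LOG" <<'EOF'
Mar  3 10:01:02 host sshd[1201]: Failed password for root from 203.0.113.7 port 51000 ssh2
Mar  3 10:01:05 host sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 51002 ssh2
Mar  3 10:02:11 host sshd[1210]: Accepted publickey for sysadmin from 198.51.100.4 port 40000 ssh2
Mar  3 10:03:30 host sshd[1215]: Failed password for root from 198.51.100.9 port 41000 ssh2
EOF
trap 'rm -f "$WEAK_SSHD_CONFIG" "$HARDENED_SSHD_CONFIG" "$SAMPLE_SECURE_LOG"' EXIT

# effective_setting FILE KEY: the value sshd would use for KEY. sshd takes the
# first uncommented occurrence of a keyword, so later duplicates are ignored;
# prints "unset" when the keyword is absent and the compiled-in default applies.
effective_setting() {
    awk -v key="$2" '
        tolower($1) == tolower(key) && !found { val = $2; found = 1 }
        END { print (val == "" ? "unset" : val) }' "$1"
}

# audit_sshd FILE: one line per setting; exit status 1 if any setting is weak.
audit_sshd() {
    rc=0
    for pair in "PermitRootLogin:no" "PasswordAuthentication:no" "PubkeyAuthentication:yes"; do
        key=${pair%%:*}
        want=${pair##*:}
        got=$(effective_setting "$1" "$key")
        if [ "$got" = "$want" ]; then
            echo "OK    $key = $got"
        else
            echo "WEAK  $key = $got (want $want)"
            rc=1
        fi
    done
    return $rc
}

# failed_logins FILE: "count ip" per source address of password failures, busiest first.
failed_logins() {
    awk '/sshd\[[0-9]+\]: Failed password/ {
            for (i = 1; i <= NF; i++) if ($i == "from") c[$(i + 1)]++
         }
         END { for (ip in c) print c[ip], ip }' "$1" | sort -rn
}

echo "== weak config =="
audit_sshd "$WEAK_SSHD_CONFIG" || echo "needs hardening"
echo "== hardened config =="
audit_sshd "$HARDENED_SSHD_CONFIG" && echo "all good"
echo "== failed SSH logins by source IP =="
failed_logins "$SAMPLE_SECURE_LOG"
```

The audit deliberately reads the first uncommented occurrence of each keyword, because that is what sshd does: a hardening line appended at the bottom of a file that already sets PermitRootLogin yes higher up does nothing, which is a common and easily missed mistake. A source IP that dominates the failed-login count is a candidate for a firewall deny; LFD does this automatically if installed.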
System Level – WHM
WHM is usually accessed as the user "root", but reseller accounts can also be granted WHM access with a limited set of privileges. Once again, make sure the passwords (for root this is the system password set up above) are strong, and review the list of resellers and their privileges regularly.
You can also restrict the WHM interface to a small set of IP addresses. Note that WHM is served by cPanel's own web server (cpsrvd, on ports 2086 and 2087), not by Apache, so an .htaccess file has no effect on it; use WHM's Host Access Control (which writes /etc/hosts.allow rules for the whostmgrd service) or the server firewall instead. Do not do this if you connect over a dynamic connection (ADSL, home fibre or dial-up) where your IP address changes, or you will lock yourself out.
Log files to check: /var/log/secure, /var/log/lfd.log and /usr/local/cpanel/logs/login_log (cpsrvd's record of WHM, cPanel and Webmail logins, including failed attempts).
cPanel Level – User Accounts
Add only as many users as you really need to administer your cPanel site(s). Set the minimum password strength in WHM (Security Center, Password Strength Configuration) to 90 or higher, and make sure the passwords themselves are of adequate length, not merely complex.
A compromised cPanel account gives spammers free rein to use your domain and accounts to send as much spam as they want, and lets them insert malicious content into your websites.
Fraudsters can plant phishing pages to harvest credit card and banking details. Lastly, it lets pranksters deface or simply destroy some or all of your sites.
cPanel Level – Mail and FTP Accounts
With mail and FTP accounts we often fail to secure passwords properly, because the end user is allowed to pick their own password without proper guidance. Guide end users towards long, strong passwords that are not too hard for them to remember, and apply the same minimum-strength setting here as for cPanel accounts. Remember too that plain FTP sends the password in clear text; prefer SFTP (over SSH) or FTPS where the client supports it.
Log files to check: /var/log/maillog (Dovecot IMAP/POP3 logins and authentication failures) and /var/log/exim_mainlog (every message Exim accepts and delivers, including which account authenticated to send it). FTP logins on cPanel are written via syslog to /var/log/messages.
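The two checks a practitioner wants from these logs are "which mailbox is suddenly sending far more than usual, and from where" (the signature of a stolen mail password being used for spam) and "which source IP is guessing mailbox passwords". The script below, an added example that is not code from the original article, does both over constructed sample lines. The exim_mainlog lines follow the layout cPanel's Exim writes, in which an A=dovecot_login:user (or dovecot_plain) field names the SMTP-authenticated sender, and the maillog lines follow Dovecot's "auth failed" format; treat both layouts as assumptions and compare them with a real line from your own server before trusting the counts. Account names and IP addresses are placeholders.

```shell
#!/bin/sh
# Added example, not code from the original article: find a mail account that is
# being used to pump out spam, and the source IPs brute-forcing mailbox passwords,
# from constructed samples of /var/log/exim_mainlog and /var/log/maillog.
# Assumption: cPanel's Exim logs the authenticated sender as A=dovecot_login:user
# (or dovecot_plain), and Dovecot logs failures as "auth failed ... rip=<ip>".
# On a live server replace the temp files with the real log paths.

SAMPLE_EXIM_LOG=$(mktemp)
cat > "$SAMPLE_EXIM_LOG" <<'EOF'
2024-03-03 09:00:01 1rABCD-000101-2X <= alice@example.com H=(mail) [198.51.100.4] P=esmtpsa A=dovecot_login:alice@example.com S=2048 id=1@example.com
2024-03-03 09:00:02 1rABCD-000102-2X <= bob@example.com H=(WIN-PC) [203.0.113.7] P=esmtpsa A=dovecot_login:bob@example.com S=5120 id=a@WIN-PC
2024-03-03 09:00:03 1rABCD-000103-2X <= bob@example.com H=(WIN-PC) [203.0.113.7] P=esmtpsa A=dovecot_login:bob@example.com S=5120 id=b@WIN-PC
2024-03-03 09:00:04 1rABCD-000104-2X <= bob@example.com H=(WIN-PC) [203.0.113.8] P=esmtpsa A=dovecot_plain:bob@example.com S=5120 id=c@WIN-PC
2024-03-03 09:00:05 1rABCD-000105-2X <= newsletter@example.net H=mx.example.net [192.0.2.10] P=esmtps S=7000 id=n@example.net
2024-03-03 09:00:06 1rABCD-000102-2X => victim@example.org R=dkim_lookuphost T=dkim_remote_smtp H=mx.example.org [192.0.2.20]
EOF

SAMPLE_MAILLOG=$(mktemp)
cat > "$SAMPLE_MAILLOG" <<'EOF'
Mar  3 09:10:01 host dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<bob@example.com>, method=PLAIN, rip=203.0.113.7, lip=198.51.100.2, TLS
Mar  3 09:10:03 host dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<carol@example.com>, method=PLAIN, rip=203.0.113.7, lip=198.51.100.2, TLS
Mar  3 09:10:09 host dovecot: imap-login: Login: user=<alice@example.com>, method=PLAIN, rip=198.51.100.4, lip=198.51.100.2, TLS
EOF
trap 'rm -f "$SAMPLE_EXIM_LOG" "$SAMPLE_MAILLOG"' EXIT

# auth_senders FILE: "messages distinct_ips account" for every account that
# authenticated to send mail (message-arrival lines carry "<=" in field 4 and
# the A= tag). Unauthenticated inbound mail, like the newsletter, is skipped.
auth_senders() {
    awk '$4 == "<=" {
            user = ""; ip = ""
            for (i = 5; i <= NF; i++) {
                if ($i ~ /^A=dovecot_[a-z]+:/) { split($i, a, ":"); user = a[2] }
                if ($i ~ /^\[[0-9.]+\]$/)       { ip = substr($i, 2, length($i) - 2) }
            }
            if (user == "") next
            msgs[user]++
            if (!((user, ip) in seen)) { seen[user, ip] = 1; ips[user]++ }
         }
         END { for (u in msgs) print msgs[u], ips[u], u }' "$1" | sort -rn
}

# suspicious_senders FILE THRESHOLD: accounts that sent at least THRESHOLD
# messages in the window the log covers. Choose the threshold from what your
# real users send; a webmail user sending hundreds of messages an hour is a breach.
suspicious_senders() {
    auth_senders "$1" | awk -v t="$2" '$1 >= t'
}

# failed_mail_auth FILE: "count ip" for Dovecot authentication failures, busiest first.
failed_mail_auth() {
    awk '/auth failed/ && match($0, /rip=[0-9.]+/) {
            c[substr($0, RSTART + 4, RLENGTH - 4)]++
         }
         END { for (ip in c) print c[ip], ip }' "$1" | sort -rn
}

echo "== authenticated senders (messages, source IPs, account) =="
auth_senders "$SAMPLE_EXIM_LOG"
echo "== accounts over threshold =="
suspicious_senders "$SAMPLE_EXIM_LOG" 3
echo "== mailbox password failures by source IP =="
failed_mail_auth "$SAMPLE_MAILLOG"
```

The distinct-IP column matters as much as the message count: one account sending from several unrelated addresses within minutes is almost always a stolen password being used by a botnet rather than a busy legitimate user. When an account shows up here, change its password, then grep exim_mainlog for its message IDs to see what was sent and to whom.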
Software Level – Access by Application Users
Applications are often installed without checking where they came from or whether anyone has reviewed them. That lets malicious code run on your cPanel instance, where it can send spam or hijack email addresses.
Some of it will run cryptocurrency miners, or anonymous relays (for email spam, or VPN/proxy endpoints) that hide the true identity of whoever is behind it.
Be extra careful when selecting your site software and research the application's reputation first. Only download or install software directly from the developer's site, or through the application installer your host provides; do not fall for "download" sites that boast higher download speeds, bombard you with adverts, or ask for payment to download. Keep whatever you install up to date, since an outdated application is one of the most common ways a site gets compromised.
Be safe.
Happy Hosting!