Managing your server is a big headache, especially for semi-technical guys like me. Most bloggers/webmaster starts their journey from shared hosting, and when their needs grow, they shift to VPS or dedicated server. Dedicated servers usually come with two options, either they are managed or unmanaged. Some companies only offer unmanaged servers like OVH and DigitalOcean. Managed servers usually cost a lot more than unmanaged servers, so most technical and semi-tech opt for the unmanaged option.
Unmanaged servers seem very easy to manage at first, but they are totally a headache. People think they can take care of everything with Cpanel/WHM but that’s not the case. When you manage your server you have to take care of everything; from managing to keeping them live, you have to take care of all things that can go wrong. Although server management isn’t so easy, still you can learn and manage your servers, but one thing that will surely bring hell out of you is server security.
Keeping server secures isn’t so easy. After all, security is just an allusion, and you are responsible for keeping everything smooth. I can tell you how many sleepless nights I have been through because of security issues. But after years of managing and securing servers, I have got enough knowledge to help others secure their server. Server security problems are unique for everyone. You are not going to find answers to most of the questions online. You will get very few answers on Google and if you don’t know any techie guy who can help you out there, then hiring an expert reamins the only option. So before you get to that point use this guide to secure your server. Secure before someone else force you to.
Disclaimer: This is what I do to secure my servers. If any problem is caused by these methods or settings, I won't be held responsible for it.
Securing Your Centos Cpanel Server
Follow this guide and secure your servers. If you think any setting is not suitable for you, you can skip it. Alternatively, you can ask me in the comments section or forum for help.
Bruteforce attack is a sort of attack in which attacker’s use computer power to guess the password. The computer repeately tries thousands of different passwords to find the right one. Though it takes a lot of time for them to discover passwords but it consumes server resources and causes them to slow down. The attacker usually goes for root users so here are some methods you can use to protect your server from brute force attacks.
In some cases, when attackers get access to your server using buggy scripts, they upload a shell script. Using the shell, they can see usernames of all accounts on the server, which make it much easier for them to start a brute force attack.
WHM does not enable any default protection method for brute force but you can use these methods to secure up your server.
- Don’t use generic passwords. Always use a password generator for a strong password combination.
- Disable root user login and create an alternative user to logins as admin. This way, attackers will have a hard time discovering right username.
- Enable CpHulk Brute Force Protection in WHM options. Set a limit to at least fifteen attacks to lower down false positive rate. (Note: You may get locked out of your server if you try an invalid password many times.)
- Securing CPanel and Whm
- Shell protection
- Tweak settings
- Rules Protection
- Shell access protection
- PHP Functions disable
- Installing CSF Firewall
- Shell detection
- Securing WordPress
- Securing PHP Scripts
- Ports protection
- Fixing resource limit for sites