Archive for Internet Security

Basic cPanel VPS Security Measures

As server technology moves on and becomes more modern, the threats that face both Windows and Linux servers are becoming stronger, meaning that they still pose a serious threat to even the most secure of web hosting servers. Many Linux based servers in the web hosting industry use the cPanel control panel so that clients of the web hosting providers concerned are able to manage their web hosting accounts, and so that system administrators are able to manage the web hosting servers through a web browser. As server technology moves forward and becomes cheaper, many users are upgrading their existing web hosting packages to VPS servers so that they can take advantage of having their own resources; however, many of these users are unable to secure their servers well enough to keep most attackers out. Web hosting providers will in most cases offer you basic assistance when it comes to securing your server, but it’s the smaller things, such as keeping your server software updated, that can make a difference. Whether you are good with managing servers or not, there are still several actions that you can take to ensure that your server is secure to an acceptable level.

The main steps that you will need to take to secure your cPanel VPS server to an acceptable level are really quite basic, and you may already have similar software, such as a firewall, installed on your local desktop computer. If you are unsure about any of the steps then your web hosting provider should have a support team that is able to install such security components for you. The main security components that you will be installing on your cPanel VPS will include:

  • CSF Firewall
  • RKHunter
  • SIM (System Integrity Monitor)
  • LES (Linux Environment Security).

We will also discuss the basic hardening of both PHP and Apache since if left unmodified both of these can be used to gain access to an insecure server. There are also measures that you can take to secure the MySQL database server.

Installing CSF, LES and SIM

CSF is a popular firewall in the web hosting industry since it integrates very well with the WHM side of the cPanel/WHM Linux control panel suite. When configured correctly CSF will block any IP addresses/hostnames that attempt to attack your VPS in any way; for example, you may find that a bot is trying to attack your server by trying to access a certain service using different username and password combinations - after a certain amount of failed logins, LFD (logon failure daemon) which comes with CSF will automatically block the attacking IP. Installing CSF really is a piece of cake; all you need to do for the basic installation is run the following commands in an SSH window:

  • wget http://www.configserver.com/free/csf.tgz
  • tar -xzf csf.tgz
  • cd csf
  • sh install.sh

Once you have done that, you will find that CSF has been successfully installed and can be managed through the WHM control panel. All you need to do is scroll down to the bottom of the left hand menu and select it from under the ‘Plug-Ins’ menu. However, in some cases you may find that your cPanel server already has another firewall combination installed: APF and BFD. In order for CSF to work you will need to remove both of these; to do so, run the following command from the CSF folder in your terminal window:

  • sh remove_apf_bfd.sh

Once initially installed, CSF will be running in what is called ‘testing’ mode, which means that it isn’t doing its assigned job of protecting your server from malicious attackers. From here you will need to configure CSF yourself using the configuration file, and once you are happy with your modifications you only need to change the ‘TESTING’ variable in the configuration file from its current value of ‘1’ to ‘0’, which will put the firewall into action once it has been restarted.

LES and SIM aren’t as important to use as CSF may be, but both still have their uses when it comes down to the security of your server and the monitoring of it. The purpose of LES is to prevent any environment based attacks, i.e. attacks which may stem from bugs or security holes that may exist in files that are hosted on your cPanel server. SIM is responsible for monitoring your system resources and the important programs that you may have running on your system, and will notify you of any problems.

Installing and Configuring Rootkit Hunter (RKHunter)

Rootkit Hunter is probably one of the most useful applications that you can have installed on your cPanel VPS server. Although rootkits can’t be removed in most cases simply because they are installed into system files, RKHunter will still notify you of any rootkits that may exist in your system so that you can take the necessary steps to reload your cPanel server. Rootkit Hunter is both easy to install and configure, and the best thing about it is that you can configure it to do daily scans to ensure that if any rootkits are discovered they aren’t able to affect your server too much. The main steps for installing RKHunter are:

  • wget http://downloads.sourceforge.net/rkhunter/rkhunter-1.3.2.tar.gz
  • tar -xzf rkhunter-1.3.2.tar.gz
  • cd rkhunter-1.3.2
  • ./installer.sh

Once you have RKHunter installed it may be useful to schedule it to do daily scans and to update itself on a regular basis so that you don’t have to. In order to schedule it to do a daily scan you should follow these steps:

  • vi /etc/cron.daily/rkhunter.sh (press ‘shift + I’ to make the file editable)
  • (/usr/local/bin/rkhunter --update && /usr/local/bin/rkhunter -c --cronjob 2>&1 | mail -s "RKhunter Scan Details" email@domain.com) - (replace email@domain.com with your own email address)
  • press ‘esc’ and then type ‘:wq’, and your file will be saved
  • chmod 700 /etc/cron.daily/rkhunter.sh

By following the steps above you are able to configure RKHunter to run a daily scan which will then be emailed to you but the same script will also do a daily update check.

Securing the /tmp Partition

Some of the attacks and exploits that can take place against any Linux server normally take place within the /tmp directory which is why it is incredibly important that you secure this one directory/partition. If you are running cPanel on a dedicated Linux hosting server then you simply need to run the following command to secure /tmp:

  • /scripts/securetmp

However, it is a different matter on cPanel VPS servers since the above script doesn’t work on most Virtuozzo based VPS servers. In order to mount/secure /tmp on a cPanel VPS hosting server, you will need to add the following line to ‘/etc/fstab’:

  • none /tmp tmpfs nodev,nosuid,noexec 0 0

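By mounting /tmp with noexec and nosuid we ensure that files in the /tmp directory cannot be executed directly and that any setuid or setgid bits on them are ignored; nodev additionally stops device files there from being honoured. Note that noexec does not stop an interpreter from reading a script stored in /tmp, so treat it as one layer of protection rather than a complete one.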

Securing Apache/PHP

There are certain measures that you can take to ensure that any installations of PHP or Apache that you may have are secure. The most obvious measure is to keep both up-to-date so that any security holes that there may have been in older versions are patched on your own server. In terms of Apache you should ensure that you have specific modules installed, such as mod_security, which is designed to block web based injection attacks, and mod_evasive, which is designed to block web based brute force attacks.

Mod_security can be installed by recompiling Apache through the ‘EasyApache’ interface which is now included with all new cPanel installations. By re-compiling Apache you can also update PHP to the latest version that is available. Through EasyApache you can also re-compile PHP with Suhosin, which will add another layer of security to any PHP scripts that you may be hosting. Another important step to carry out is the enabling of PHP SuExec, which can be done through the WHM control panel by following these steps:

  • under the ‘Service Configuration’ section of the left menu select ‘Apache Configuration’
  • select ‘PHP and SuExec Configuration’
  • under ‘Alter Configuration’ set Apache SuExec to ‘On’

You should also disable certain dangerous PHP functions on your cPanel server to ensure that any insecure PHP scripts that you are hosting won’t be able to compromise the security of your entire server. In order to do so, you should follow these steps:

  • php -i | grep php.ini
  • vi /usr/local/lib/php/php.ini
  • in your PHP configuration file you should look for the ‘disable_functions’ line
  • once you have found it, change it to: disable_functions = "system,passthru,exec,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,highlight_file,escapeshellcmd,define_syslog_variables,posix_uname,posix_getpwuid,apache_child_terminate,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,escapeshellarg,posix_uname,ftp_exec,ftp_connect,ftp_login,ftp_get,ftp_put,ftp_nb_fput,ftp_raw,ftp_rawlist,ini_alter,ini_restore,inject_code,syslog,openlog,define_syslog_variables,apache_setenv,mysql_pconnect,eval,phpAds_XmlRpc,phpAds_remoteInfo,phpAds_xmlrpcEncode,phpAds_xmlrpcDecode,xmlrpc_entity_decode,fp,fput"
  • save the file
  • restart Apache (service httpd restart)
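
To confirm that the settings above actually took effect, the following added example (not part of the original article) checks three of them read-only: that CSF has left ‘testing’ mode, that /tmp is mounted with nodev, nosuid and noexec, and that chosen functions really are disabled in php.ini. The function names are hypothetical and the sample files are constructed; on a live server the usual inputs would be /etc/csf/csf.conf (assumed default location), /proc/mounts and the php.ini path reported by php -i.

```shell
#!/bin/sh
# Added example (not from the original article): read-only checks for three
# settings described above. Each function takes the file to inspect as an
# argument, so it can be pointed at the live file or at a copy.

# csf_testing_off FILE: succeeds only if the last TESTING line is set to 0.
# Matches 'TESTING = "0"' but not other keys such as TESTING_INTERVAL.
csf_testing_off() {
    _val=$(sed -n 's/^[[:space:]]*TESTING[[:space:]]*=[[:space:]]*"\{0,1\}\([0-9]*\).*/\1/p' "$1" | tail -n 1)
    [ "$_val" = "0" ]
}

# tmp_missing_opts MOUNTS: prints the options from nodev,nosuid,noexec that
# the /tmp mount lacks (or "not-mounted"); succeeds only if none are missing.
# MOUNTS uses the /proc/mounts layout; the last /tmp entry is the active one.
tmp_missing_opts() {
    _opts=$(awk '$2 == "/tmp" { o = $4 } END { print o }' "$1")
    if [ -z "$_opts" ]; then echo "not-mounted"; return 1; fi
    _miss=""
    for _w in nodev nosuid noexec; do
        case ",$_opts," in
            *",$_w,"*) ;;
            *) _miss="$_miss $_w" ;;
        esac
    done
    [ -z "$_miss" ] || { echo "${_miss# }"; return 1; }
}

# php_not_disabled INI NAME...: prints the NAMEs that the last active
# disable_functions line does not disable; succeeds only if all are listed.
# PHP splits this list on commas and on spaces, so a name broken by a stray
# space (for example after copy and paste) is not disabled.
php_not_disabled() {
    _ini=$1; shift
    _list=$(sed -n 's/^[[:space:]]*disable_functions[[:space:]]*=//p' "$_ini" \
        | tail -n 1 | tr -d "\"'" | tr ', \t\r' '\n\n\n\n')
    _miss=""
    for _f in "$@"; do
        printf '%s\n' "$_list" | grep -qxF -- "$_f" || _miss="$_miss $_f"
    done
    [ -z "$_miss" ] || { echo "${_miss# }"; return 1; }
}

# --- Demo on constructed sample files (not taken from a real server) ---
demo_dir=$(mktemp -d)
cat > "$demo_dir/csf.conf" <<'EOF'
TESTING = "1"
TESTING_INTERVAL = "5"
EOF
cat > "$demo_dir/mounts" <<'EOF'
/dev/simfs / simfs rw,relatime 0 0
none /tmp tmpfs rw,nosuid,nodev,relatime 0 0
EOF
cat > "$demo_dir/php.ini" <<'EOF'
;disable_functions = "exec"
disable_functions = "system,passthru,shell_exec ,proc_get_st atus,popen"
EOF

csf_testing_off "$demo_dir/csf.conf" || echo "CSF: still in TESTING mode"
tmp_missing_opts "$demo_dir/mounts" | sed 's|^|/tmp missing: |'
php_not_disabled "$demo_dir/php.ini" system exec shell_exec proc_get_status \
    | sed 's|^|PHP not disabled: |'
rm -rf "$demo_dir"
```
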

You should also set a MySQL root password through the ‘Set Root Password’ option that is located under the ‘SQL Services’ menu.

Conclusion

Now that you have followed the basic steps to secure your cPanel VPS, you can be safe in the knowledge that malicious attackers are highly unlikely to be able to gain access to it in any way. However, it is still down to you to ensure that all the security software, amongst other programs that you have installed on your VPS server, is kept up-to-date. You should also monitor your VPS hosting server externally, since then you will know if your VPS crashes but, most importantly, if anyone gains unauthorised access to it. If you are the only one using the server then you should also ensure that any PHP files or scripts that you are running are unaffected by any security features that you enforce, but mainly that the actual coding itself is secure and can’t be injected.

Secure Web Hosting Service

What Is Secure Web Hosting Service?

If you have an online business and a website, you definitely need to have a secure web hosting service. There are many hackers waiting for a chance to hack your website and get the important details present on your site. There are even many harmful viruses and spyware applications which can harm your website. Also, if your website has personal details of your customers which need to be kept confidential, then you definitely need a secure web hosting service.

Secure web hosting service is very important if you have chosen shared web hosting. There will be a number of users on the same server and you need to protect your data from these shared users. You also need to check what kind of security your web host provides, and the policies that govern the web hosting server, the scripts, and the software that can be installed on your website. See that no unproven code is allowed on your website, as it may cause damage to your entire site and also to the web server.

The next thing you need to check is the maintenance and upgrading of the operating system of the web server. The Windows operating system is considered to have most of the security problems, but the security problems are the same as those of the Linux and UNIX operating systems. You need to be sure that all the security aspects are provided and taken care of frequently by your secure web hosting provider.

You also need to know how frequently your web host updates the security of the web server, and whether they do it themselves or hire someone else to do it for them.

Even the best maintained web systems can fail suddenly. Hence, having a web audit done by third-party experts in the field can uncover hidden or unforeseen problems before they get activated.

There are some additional steps which you need to keep in mind for making the hosting a secure web hosting. You need to set some really difficult passwords for your websites. These passwords should also be changed frequently to keep the hackers at bay.

Remove all spyware and adware from your system, as it may get uploaded to your website when you use FTP or related software to upload your web files. Also, you should not have the same password for all the web applications that you are using. This is because, if your password is the same everywhere and someone is able to hack your password, then they can hack your entire web hosting server.

To be continued…

Setting Up Domain Names And Its Security

How To Set Up Domain Names

A domain name is the name of a specific website. It looks something like www.yourdomainname.com. A single domain can have either one web page or many web pages. These web pages are still considered part of the same site. This is one of the ways to develop and expand your website with additional web pages.

Domain names are usually classified depending on their extension. The most popular domain extension is .com, which is used mainly for commercial organizations. There are many other extensions like .net, .biz, .edu, etc., referring to a network, business, or an educational website. However, most people who have built their website for personal or small business purposes go for .com, as it is the most widely used and usually the way most of the public refer to a website.

The domain name usually depends on the company’s name, or the product’s name, or even any other name. After selecting the name that you want to have for your website, it is very easy to register that domain name. This can be easily accomplished online. Nowadays, even the costs of domain names are very low.

However, these domain names have to be renewed after a particular period of time. Also, before registering any domain name, you have to check whether the name that you have chosen is already taken (registered) by any other organization.

If you need more people to visit your website, then the domain name which you choose should be simple and very easy to remember. If your domain name is hard to remember or if it is too long, then there are chances that people will type the wrong URL and they will never come to your website. They will not even remember your long domain name when they need to, and may forget your site altogether because you chose a hard-to-remember domain name.

If possible you should also buy some of the misspelled domain names of your website. This is a good strategy. Even today, there are many web surfers who type-in the wrong URL by mistake. You just have to link all the URLs to your main website’s URL. You do not have to redesign the whole website again for all the misspelled or additional URLs.

So, it is better to buy some misspelled domain names as well and make sure that even if the web surfers type-in the wrong spelling, they are redirected back to your original website.

Your domain name must contain your business name if you have one. This will also make your business name or the brand name popular online, and the web surfers can then easily find your domain name in the search engine results.

Before selecting any domain names, you need to do research on the Internet about the various domain names available. You can even ask your clients for advice on choosing domain names, by putting up a survey and giving away an attractive prize to the person who suggests the best domain name.

Security Of Your Domain Name

Once you choose your domain name, it is very important that your domain name is totally safe and protected from any internet hackers or internet thieves. Such hackers may invade your domain, pose as the administrator and change the ownership of your domain easily.

If anyone steals your domain name in such a way, it then becomes very difficult to recapture that domain name. This process takes a lot of time and is very costly. There is even very little chance that you will get back your domain name.

This could have an impact on your online business and you may lose all the web traffic to your business. If your domain name is captured or stolen by web hackers, then they can even send dangerous messages using your domain name, which can harm your website’s reputation.

So, to make your domain name secure, you need to keep in mind some of the important features. For example, you need to have high-quality web security for your domain to make it completely secure.

For this, you need to contact your domain provider for better security facilities. You should also keep a close watch periodically on the content present on your website to see if there are any harmful messages inserted.

Web Hosting

Always purchase your new domain name from the domain registrar or from your reputable web hosting company and check whether they offer the “hijack-proof” domain security service. Register.com can offer you such security for an amount of $99 for the “Domain Lockdown” service.

As Network Solutions is exposed to web vulnerabilities, you should request the encrypted password option when registering your domain name. You can also use their PGP (Pretty Good Privacy) account option.

Domain theft is getting worse and is a concern for website owners and website sellers equally. If you are planning to go for a hosting service, make a point of checking with the web host what sort of security they provide in this context.

Always prefer to purchase your domain name and also web hosting plan from very reliable web hosting service providers. Check their reliability by doing a web search for any serious complaints about them. You can usually find the bad web hosting service providers’ name and type of complaint on the various web hosting related forums. As they all say, prevention is better than cure! Setting up domain names and its security should be done with utmost care.

Features To Make Your Website Secure

How can you prevent your website from being hacked?

Your website is being targeted by hackers daily! All websites are targeted every day by countless hackers looking to steal important information present on these websites. This is a serious concern, and there are now many useful web security applications available to make your website secure along with other websites.

The following are some of the web security features that are most important for your website to be secured.

SSL (Secure Sockets Layer)

If your website intends on selling products or services, then this is the most important feature that should be included in your website. SSL provides the necessary security and privacy in web oriented communication systems. The two basic features of SSL are:

1.) SSL keeps check on every message that is exchanged over the internet. SSL also creates a secured network between the computers. Secure Shell Host (SSH) is another encryption server service that has been integrated by some web hosts for web security purposes. This prevents the necessity for additional installation of security software. This may also reduce the requirement of additional installation of security protocols.

“Optional session caching” is one of the important features of SSL which optimizes all network connections or activities. This secures and optimizes the communication processes.

2.) SSL protocol keeps absolute privacy during web-oriented communications by using the symmetric cryptography. Web-oriented communications may include monetary transaction between two participating sites as well.

FTP (File Transfer Protocol)

File Transfer Protocol (FTP) is used to transfer text data, audio, video, other multimedia files, or graphics to the web server from your personal computer or web server. Web servers which make use of this File Transfer Protocol are usually secured, as this feature allows the users to securely transfer the files from one server to another. This allows users to create specific FTP accounts. User names and passwords can be assigned to each of the FTP accounts. This makes sure that only the owner of the FTP account can transfer the files over that particular FTP account. Note that plain FTP itself sends the user name, password and file contents unencrypted, so prefer the SFTP option described below where your host offers it.

SFTP (Secured File Transfer Protocol)

The Secure File Transfer Protocol (SFTP), FTP, and SSH are provided by some web hosts for additional web security to protect the web content on the websites hosted on their web servers. Using these features, you can effectively prevent web hackers from hacking your website.

SSH (Secure Shell Host)

Secure Shell Host (SSH) is perhaps the most expert security feature used to look after the web communication methods. There are encrypted channels present through which users can access different computers over the Internet and carry out certain specific commands from a distant place. SSH protects the transfer process of digital content between computers connected through the internet. This process also prevents hackers from stealing your valuable data.

Preventing Spam

Though spamming does not directly affect your website, it can affect your business gradually over a period of time. Usually, the free web host servers are the ones which get affected by this spamming. Spam messages usually carry harmful viruses, spyware, and other kinds of harmful applications with them which can harm your computer or infect your website’s important files. Spam also affects the bandwidth and the disk space of your web hosting server. So, there should be an anti-spam program or tool installed on your website to prevent spam and, in turn, make your website more secure.

Protecting The Hot Links

Protecting the hot links on the site is one of the most important features that you need. Hot linking occurs when another website shows the images or hyper-links, present on your website, on their website. This acts as a theft of your data. So, it is important to protect your content from such stealing acts. It also affects the bandwidth and the disk space of your website. So, to protect your website, you need to take care of the hot linking by having special preventive web tools to save your website from the thefts.

DDOS Prevention

Denial of Service (DOS) and Distributed Denial of Service (DDOS) attacks are some of the oldest known threats targeting the operating systems. This is still a very difficult problem with no known effective solutions. They slow down the web servers. This slowing down affects all the websites present on that particular web server. The anti-DDOS software is now available and is included in the firewall and router. All these important security features are now being implemented by most of the web hosts in their web servers effectively.

Shared Secure Server(SSL) Access

Hosting accounts have access to a shared secure server. It’s not really a separate server, but the web pages are displayed through an encrypted connection. Every page on a website can be called through this secured server.

You can access the web pages through the secure server using the following path:

Replace “servername” with the name of the server on which your domain is hosted. Replace “yourdomain” with your domain name without the TLD extension, and replace “filename.html” or “scriptname.cgi” with the name of the file you want to call through the secure server.

https://servername.safe-order.net/yourdomain/filename.html

Use this path to access scripts located in CGI-BIN:

https://servername.safe-order.net/cgi-yourdomainscriptname.cgi

Note: Always use “https” instead of the usual “http”. Secure calls require the use of the “https”.

Ports and Firewalls

Every computer which accesses the internet or is connected to a network uses ports to communicate. Ports are almost like individual conversations going on over the same telephone line, but with each port talking about a different thing. For example, every time you access a website using http, the chances are you’ll be using port 80. For other protocols such as ftp (file transfer) different ports are used, in this case port 21. Email, secure connections, streaming etc. all use different ports, which helps control the flow of data and filter desired information from undesired.

For many people, there is never any need to see or know that your computer is doing this automatically. However, in some special cases a program wants to use an unusual port number and, if you have a firewall installed, it may be set to block the port, preventing the program from communicating. You may get pop-up windows telling you about the request, but you may not, so if a program tries to communicate across a network or the internet and fails, it could be worth trying it without your firewall turned on to see if that is the problem. If it is, you can set up rules to allow that program access.

There are two key types of firewall: hardware and software based. Hardware firewalls are often built into routers or similar (you can often change the port you access your router admin on and use the address http://routerip:portnumber) and are generally more of an outer barrier preventing any obvious attacks on a system. These can sometimes cause problems, but more often than not it is the software firewall that is blocking a connection and needs to be configured. Software firewalls are generally more configurable and allow you to choose which programs can access the internet or network, and individual ports can often be opened (you will be able to find out which ports certain programs need by using a search engine) or closed down as necessary. Generally software firewalls have more flexibility than hardware based ones and have the advantage that they go with you wherever your computer is.

The need for a firewall more than anything is to only allow desired programs and information to be sent from your computer. Hackers and malicious code can exploit security holes in a firewall, allowing data to be sent. Port scans often detect weaknesses, and firewalls help to identify and protect against these. Hardware firewalls are particularly effective for this. Software firewalls will often alert you if a program wants to access the internet, so if it is one you don’t recognise, don’t allow it. You can then investigate it further and, if it turns out to be malicious, antivirus or anti-spyware software will help to remove it.

As a firewall is there for security, use it wisely and only have the ports open you need. If you’re not sure what a program is, deny it access and investigate. You can always change it later!
