Server Security is critical to keep your server, websites, and other data secure. New methods of attacks and hacks are popping up almost every day, so it is critically important to keep your servers safe and updated. Keeping your server up to date will make the servers highly resistant to attacks, hacks, and other threats.
Of course, there is no way to protect your server from all security issues 100% of the time. It's simply not possible.
We have the following links that should help:
- Tips To Make Your Server More Secure
- Recommended Security Settings
- Basic Security Concepts
- Additional Security Software
- How To Prevent Email Abuse
- How To Secure SSH
Some basics (these are all mentioned in the links above as well):
- Strong Passwords: Keep strong and lengthy alphanumeric passwords with multiple characters.
- Securing SSH: It is essential to ensure SSH/Shell for restricting the attacks through it. For this, always update the SSH packages to the latest stable version. Another means to secure SSH is to set up a Wheel User, which will only allow you to log in to the server as the desired user. Direct root login should not be permitted.
- Enable cPHulk Brute Force Protection - cPHulk is a commonly used tool to protect the server from Brute Force attacks.
- Disable compiler access to users other than root
- Harden /tmp and /var/tmp by running /usr/local/cpanel/scripts/securetmp
- Enable firewall (iptables or firewalld) - Setting up a firewall is very important in security because it denies all the unwanted connections to the server. A beneficial (and free) tool to manage iptables is called CSF (ConfigServer Security & Firewall)
- Install ClamAV - ClamAV is a cPanel plugin for protection against Viruses and malware.
- Disable Recursion in Bind (or PowerDNS)
- Update RPMS and the Kernel with a yum update. Do this regularly.
- Disable Anonymous FTP & Logins with root
- Install Imunify360, or at minimum ImunifyAV (anti-virus)
- Last but not least, keeping your server operating system, Kernel, and all 3rd party software updated regularly. Do not disable any updates, and don't forget to update all software.