Allowing Customer Access
We build sites and host them on our own cloud servers running cPanel. We've been doing this for a few years. We're getting more and more customers asking for full access to their site via FTP or SSH, and we're concerned about the security implications. Right now, we try to lock FTP access to a single directory - not the whole public_html. And, we never allow SSH access. We're running PHP 5.3 without suEXEC, suPHP, Suhosin, mod_security, or Ruid2. Is there a "best practice" guide to secure this type of "open" server?
-
Hello :) You may want to check out the cPanel security adviser plugin if you are looking for a way to see what options you should enable on your system to increase security: [11.38] Open source cPanel Security Advisor Addon Thank you. 0 -
I'm going to turn on jailed shell for all users and switch to ruid2. Solid plan to lock down customer access? Any permissions issues or anything I should be aware of when using ruid2? 0 -
Yes, the following document contains information you should know before enabling Mod_Ruid2: ModRuid2 - cPanel Thank you. 0
Please sign in to leave a comment.
Comments
3 comments