C-Panel Security Settings


SECURITY LEVEL : MODERATE

APACHE & PHP

Server Configuration -> Tweak Settings -> PHP -> PHP max execution time = 120

Server Configuration -> Tweak Settings -> PHP -> cPanel PHP Register Globals = On

cPanel -> Manage Plugins -> modsecurity -> click on ‘save’ to install the module.

Server Configuration -> Tweak Settings -> Redirection -> Always redirect users to the ssl/tls ports when visiting /cpanel, /webmail, etc. -> Enable

Server Configuration -> Tweak Settings -> Only permit cpanel/whm/webmail to execute functions = Enable

Security -> Security Center -> PHP open_basedir Tweak -> Enable php open_basedir Protection = Enable

Security -> Security Center -> Tweak mod_userdir Security -> mod_userdir Protection -> Enable mod_userdir Protection = Enable

EXIM & SPAM PROTECTION:

cPanel -> Manage Plugins -> spamdconf -> click on ‘save’ to install the module.

Server Configuration -> Tweak Settings -> Mail -> Default catch-all/default address -> Fail

Server Configuration -> Tweak Settings -> Mail -> The maximum each domain can send out per hour (0 is unlimited) = 600

Server Configuration -> Tweak Settings -> Mail -> Prevent the user “nobody” from sending out mail to remote addresses = Enable

Service Configuration -> Exim Configuration Editor -> SpamAssassin™: Reject mail with a spam score greater than 17.5 at SMTP time = Enable

Service Configuration -> Exim Configuration Editor -> Attempt to block dictionary attacks = Enable

Service Configuration -> Exim Configuration Editor -> Blacklist: SPF Checking = Enable

Service Configuration -> Exim Configuration Editor -> Blacklist: Drop connections from defined IP Blocks upon SMTP connection = Enable

Service Configuration -> Exim Configuration Editor -> Attachments: Filter dangerous attachments = Enable

Service Configuration -> Exim Configuration Editor -> Sender Verification Callouts = Enable

Service Configuration -> Exim Configuration Editor -> Sender Verification = Enable

Service Configuration -> Exim Configuration Editor -> RBL: bl.spamcop.net = Enable

Service Configuration -> Exim Configuration Editor -> RBL: zen.spamhaus.org = Enable

Service Configuration -> Exim Configuration Editor -> SpamAssassin™: Enable for all users without the option for users to shut off per account = On

Service Configuration -> Exim Configuration Editor -> SpamAssassin™: Maximum size a message can be before it will not be scanned by SpamAssassin = On

DNS PROTECTION (OPENDNS) :

1. ssh to your server as root.

2. Download the script with wget and run it:

Quote:

wget http://shashank.net/scripts/named.patch
sh named.patch

3. It will produce output like:

Quote:
allow-recursion {
127.0.0.1;
xxx.xxx.xxx.xxx;
xxx.xxx.xxx.xxx;
};

4. Copy and paste this block into the options section of your named.conf, so that it looks something like:

Quote:
options {
directory "/var/named";
allow-recursion {
127.0.0.1;
xxx.xxx.xxx.xxx;
…. ….
…. ….
};
};

5. Save named.conf and restart the named service. Allow all zones to load, then check the DNS report.
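
A check to run after step 5, added here as an example and not part of the original post or of the named.patch script: it reads the allow-recursion list out of a named.conf and fails if the block is missing or still admits every client. The function names and the sample address (from the 192.0.2.0/24 documentation range) are assumptions for illustration.

```shell
#!/bin/sh
# Added example: audit the allow-recursion list in a BIND named.conf.
# Function names and sample addresses are illustrative assumptions.

# Print each entry of the first allow-recursion block, one per line.
# Line comments (# and //) are stripped; nested { } lists are not handled.
recursion_acl() {
    awk '
        { sub(/(#|\/\/).*/, ""); buf = buf " " $0 }
        END {
            if (!match(buf, /allow-recursion[ \t]*[{][^}]*[}]/)) exit
            acl = substr(buf, RSTART, RLENGTH)
            sub(/^[^{]*[{]/, "", acl); sub(/[}]$/, "", acl)
            n = split(acl, parts, ";")
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", parts[i])
                if (parts[i] != "") print parts[i]
            }
        }' "$1"
}

# Return 0 when recursion is limited to explicit entries. Return 1 when the
# block is missing (BIND then uses its version-dependent default) or when
# it still admits every client.
recursion_restricted() {
    acl=$(recursion_acl "$1")
    [ -n "$acl" ] || { echo "FAIL: no allow-recursion block in $1"; return 1; }
    for entry in $acl; do
        case "$entry" in
            any|0.0.0.0/0|::/0)
                echo "FAIL: '$entry' permits recursion for everyone"; return 1 ;;
        esac
    done
    echo "OK: recursion limited to:" $acl
}

# Constructed sample in the shape of step 4 (192.0.2.10 is a documentation IP).
sample=$(mktemp)
cat > "$sample" <<'EOF'
options {
directory "/var/named";
allow-recursion {
127.0.0.1;
192.0.2.10;   // constructed stand-in for one of the server's addresses
};
};
EOF
recursion_restricted "$sample"
rm -f "$sample"
```

On a live server, pass the path of the real named.conf to recursion_restricted instead of the sample file.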

COMMON CPANEL SECURITY :

Security -> Security Center -> Tweak Compilers -> Disable Compilers

Security -> Security Center -> SMTP Tweak -> Enable

Security -> Security Center -> Shell Fork Bomb Protection -> Enable

Tags: cpanel security, opendns, open dns, how to secure cpanel, whm security

Published on January 4, 2011 at 12:10 pm