Tips for Further Enhancing Security
cPanel is offered with all of 2GBHosting's Linux shared, VPS, dedicated and reseller hosting accounts. cPanel helps you with everything that has to do with your website, including website settings, backups, FTP functions, new domain setup and configuration, checking email, adding new email addresses and configuring your web hosting account, to name a few. We know how important your website is to you, which is why we offer a large number of security tools to prevent hackers from compromising your site. However, cPanel users can benefit from some added protection for their cPanel accounts.
1. Change your username and password
2GBHosting will provide you with a username and password to log into your cPanel. You will get these credentials in an email when you sign up for a Linux hosting account. It is very important that you change your username and password so that no one can steal your credentials. For example, if someone hacks into your email, they can steal the credentials for your cPanel account and wreak havoc on your website, as they will have access to your database and can do anything they want.
2. Choose a secure password
Here are a few tips for making your password more secure and avoiding any unwanted issues.
- Change your password often
- Do not use words from the dictionary
- Do not use passwords with your birth date or telephone number
- Use numbers, letters and symbols to make your password more secure
- Try to use a password that has 8 or more characters in it
- Do not ever save your password in your browser
3. Disable anonymous FTP
There is an inherent risk in leaving anonymous FTP open, as a hacker is able to upload content in order to gain access to your account. To avoid this, disable anonymous FTP and specify SSL for access. This can be done by going to “FTP Server Configuration” under “Service Configuration” and checking that “Allow Anonymous Logins” is set to “No”.
4. Use an encrypted connection to log into your cPanel
2GBHosting strongly recommends that you access your cPanel over an encrypted SSL connection. An encrypted SSL connection will ensure that your login credentials will not be transmitted in plain text over the Internet. To log into your cPanel over an encrypted connection, your domain must propagate first; this can take approximately 48-72 hours after your site has been set up. Once your domain propagates, you can access your cPanel by entering your domain followed by a port number. If you are having trouble accessing your cPanel interface using your domain name, then you can also access it using your domain's IP address. Here is how you log into your 2GBHosting cPanel account:
- https://YOURDOMAINNAME:2083 : this allows you to access your cPanel over an encrypted connection (SSL) with your domain name
- https://YOURIPADDRESS:2083 : this allows you to access your cPanel over an encrypted connection (SSL) with your IP address
5. Understand your server environment
It is very important to understand your server environment before you use it, including the architecture, operating system, application and kernel versions, IP addresses and your hosting account limitations. It is critical that you always run up-to-date versions of applications and kernels. At 2GBHosting we offer the most recent version of cPanel, so that you benefit from all fixes and security enhancements. It is also recommended that you check your cPanel service status often to see your real-time server conditions, including CPUs, total memory usage and disk space status. Make sure your server is stable: it should run under 80% of disk usage and under 10% of swap, and the load average of the server should be under 2x the total number of CPUs.
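The stability thresholds above (disk under 80%, swap under 10%, load average under 2x the CPU count) can be checked from a shell with the script below. It is an added example, not 2GBHosting or cPanel code; the function names and the `--live` flag are this example's own, and it assumes shell access on a Linux server with `/proc` available.

```shell
#!/bin/sh
# Added example (not cPanel's code): checks the article's stability thresholds.
# Function names and the --live flag are hypothetical.

# pct_used USED TOTAL -> whole-number percentage (0 when TOTAL is 0, i.e. no swap)
pct_used() {
    awk -v u="$1" -v t="$2" 'BEGIN { if (t == 0) print 0; else printf "%d\n", u * 100 / t }'
}

# Disk usage should stay under 80%.
check_disk() { if [ "$1" -lt 80 ]; then echo OK; else echo WARN; fi; }

# Swap usage should stay under 10%.
check_swap() { if [ "$1" -lt 10 ]; then echo OK; else echo WARN; fi; }

# check_load LOAD CPUS -> load average should stay under 2x the CPU count.
# Load is fractional, so the comparison is done in awk.
check_load() {
    awk -v l="$1" -v c="$2" 'BEGIN { if (l < 2 * c) print "OK"; else print "WARN" }'
}

# Run with --live to read the current values from this server.
if [ "${1:-}" = "--live" ]; then
    disk=$(df -P / | awk 'NR == 2 { sub(/%/, "", $5); print $5 }')
    swap_total=$(awk '/^SwapTotal:/ { print $2 }' /proc/meminfo)
    swap_free=$(awk '/^SwapFree:/ { print $2 }' /proc/meminfo)
    swap=$(pct_used "$((swap_total - swap_free))" "$swap_total")
    load=$(cut -d' ' -f1 /proc/loadavg)
    cpus=$(getconf _NPROCESSORS_ONLN)
    echo "disk (/): ${disk}% $(check_disk "$disk")"
    echo "swap: ${swap}% $(check_swap "$swap")"
    echo "load (1 min): ${load} on ${cpus} CPUs $(check_load "$load" "$cpus")"
fi
```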
6. Enable Brute Force Protection
Enabling brute force protection ensures that any IP address that repeatedly makes unsuccessful attempts to access your server will be blocked. The blocked IP address will also be kept in the cPanel database. However, after a specified period of time, cPanel will again accept login attempts from the IP address concerned. To activate this, go to “cPHulk Brute Force Protection” in “Security Center” and set it to “Enable.” It is also important to note that the “IP Deny Manager” option lets you designate a specific domain name, IP address or range of IP addresses to be blocked from accessing a website managed by cPanel.
7. Notification and Monitoring
By default, your registered email address will be used as the primary contact. However, you are also required to register an alternative email address to receive notifications from cPanel. Adding an alternative email will ensure that you get cPanel emails in case there is an issue with your primary email.
It is also crucial that you know what is going on in your system. For example, you should always know when accounts are being created, what software is being installed and when, and when your software needs updates, to name a few.
Furthermore, it is critical to check your system often to make sure that everything is functioning normally by checking and monitoring things like:
- netstat -anp : Search for programs that you did not install and that are attached to ports.
- find / \( -perm -a+w \) ! -type l >> world_writable.txt : Examine world_writable.txt to look at the world-writable directories and files, as this will reveal the locations where a hacker can keep files in your system. Please note that if you fix permissions on some PHP/CGI scripts that are badly coded, this will break them.
- find / -nouser -o -nogroup >> no_owner.txt : Examine no_owner.txt for all files that don't have a user or group associated with them. If these files are not owned by a specific group or user, then you should restrict access to them.
- ls /var/log/ : The many different logs on your system are a valuable resource. Examine all your logs often, including system, Apache, mail and other logs, to ensure that your system is functioning as anticipated.
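One way to make the `netstat -anp` review repeatable is to compare the listening programs against a list of the services you expect. The script below is an added example, not part of cPanel; the function name, the allowlist and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag listening sockets whose owning program is not expected.

# Constructed sample of `netstat -anp` output (not from a real server).
SAMPLE='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 0.0.0.0:2083            0.0.0.0:*               LISTEN      1450/cpsrvd
tcp        0      0 0.0.0.0:8000            0.0.0.0:*               LISTEN      9912/python3
tcp        0      0 192.0.2.10:22           198.51.100.7:51234      ESTABLISHED 2201/sshd
tcp6       0      0 :::80                   :::*                    LISTEN      1033/httpd
udp        0      0 0.0.0.0:53              0.0.0.0:*                           640/named
udp        0      0 0.0.0.0:41234           0.0.0.0:*                           -
Active UNIX domain sockets (servers and established)
unix  2      [ ACC ]     STREAM     LISTENING     18233    812/sshd    /run/sshd.sock'

# unexpected_listeners "prog1 prog2 ..." < netstat output
# Prints "proto local-address program" for every listener not on the list.
unexpected_listeners() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # TCP: only sockets in LISTEN state count; the owner is field 7.
        $1 ~ /^tcp/ && $6 == "LISTEN" { owner = $7 }
        # UDP has no State column, so the owner is field 6; a wildcard
        # foreign address marks an unconnected (listening) socket.
        $1 ~ /^udp/ && $5 ~ /:\*$/ { owner = $6 }
        owner != "" {
            prog = owner
            sub(/^[0-9]+\//, "", prog)      # "812/sshd" -> "sshd"
            # "-" means netstat could not see the owner (run it as root).
            if (!(prog in ok)) print $1, $4, prog
            owner = ""
        }
    '
}

EXPECTED="sshd cpsrvd httpd named"   # hypothetical allowlist for this sample
printf '%s\n' "$SAMPLE" | unexpected_listeners "$EXPECTED"
# On a server: netstat -anp | unexpected_listeners "$EXPECTED"
```

Established connections and UNIX domain sockets are skipped, so only programs actually attached to listening ports are reported.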
As you check out these various ways to strengthen security, you will see additional security enhancement choices accessible to you in cPanel. For further instructions and tips, go to http://cpanel.net. If you need more information, then contact us with your questions.