• Home
• Products
  • Dhru Fusion
  • GSM Portal
  • Smart Matrimonial
  • Easy Inventory
  • Security Products
  • Third Party Modules
  • Photoshop SM
• Services
  • Website Designing
  • Software Development
  • Server security service
  • Web Development
  • Google
    • Google Apps Setup
    • Google Analytics Consulting
  • Graphics
  • SEO Modules
  • Copyright
• News & Updates
• Customer Hub

You are here : Portal Home > Server security service

Secure cPanel Package

---

This comprehensive Secure cPanel Package can be provided for most Linux (not FreeBSD) platforms running cPanel. We will perform the installation, configuration and testing of each component of the service. We do not use scripts to perform this work (as some providers do) but perform each task by hand to ensure it is correctly installed and configured to your servers requirements.

The aim of this work is to help:
   * Secure your server from attack
   * Perform server tuning to better cope under load
   * Provide relevant regular information from your server to identify any security breaches or anomalous behaviour
   * Check for existing exploits installed or running on the server


We aim to perform the work within 24 hours of the opening of a ticket on our helpdesk with the answers to our installation questions which we will send to you once your order has been processed. We can also perform the work on any day of you choosing (7 days a week) though the actual time of day may vary.

Package includes

iptables SPI firewall (csf) **	csf is a full featured SPI (Stateful Packet Inspection) iptables firewall configuration application written by ourselves
Login failure detection (lfd)	lfd is integrated with csf to block hacking attempts from your internet facing services and detects system intrusions/rootkits
Stop unnecessary processes	Default OS configurations often run services that are not used by a cPanel web server and can be a security risk if left running
Logcheck	Logcheck is configured to send you logs file emails once per hour using regular expression matches on the major server log files
Logwatch	Logwatch is a daily report that summarises the information contains in the major server log files
WHM configuration check	WHM configuration options are checked for security and performance configuration and changes where deemed appropriate
OpenSSH configuration check	OpenSSH is checked to ensure only SSHv2 protocol is enabled
Switch from proftpd to pure-ftpd	Pure-ftpd is considered more secure and lighter on server resources compared to proftpd on cPanel servers
Rootkit Hunter	Rootkit Hunter is an essential tool in detecting possible root compromise and rootkit installation
Chkrootkit	Chkrootkit is another essential tool in detecting possible root compromise and rootkit installation, it compliments rkhunter with a different detection approach
mod_security ****	mod_security apache module is a security layer in apache that helps prevent exploitation of vulnerable web scripts. We will install and configure the optional cPanel mod_security module for Apache v1 and v2 For Apache v2 installations we will install a selection of the Got Root mod_security rules that they offer for free from their site
Host spoof protection	Helps prevent IP spoofing and DNS cache poisoning
Operating System check	Check to ensure that the servers OS is updating and, if not, an update is run
Name server configuration check	If the name server (bind) is running, check that it is functioning correctly and enable local DNS lookups
Disk check	Ensure disks are correctly mounted and clean up any old files to free space where possible
Kernel check	Check that the correct kernel is installed and upgrade to the OS vendors latest version if necessary and implement tweaks to help protect against current threats (e.g. disabling core file creation)
Apache tune and check ***	Check that apache is correctly configured and tuned for your servers requirements and that it is the latest version and upgrade if necessary
MySQL tune and check ***	Check that mysql is correctly configured and tuned for your servers requirements
Enhanced log rotation	Not all server logs files are correctly rotated on a default cPanel server, so we add rotation options to logrotate to ensure that they are correctly rotated to help disk performance and application stability
Day of the week backup rotations	If you have a separate backup disk and sufficient space for additional backup rotations we will add "day of the week" backup rotations that renames the daily/ backup to the day of the week plus the date so that you will always have 7 daily backups.
Secure /tmp /var/tmp /dev/shm	These are remounted noexec and nosuid to add an additional layer of protection against web script hackers
Libsafe for 2.4 kernels	Older OS's (e.g. FC1, RH9 and RH7.3) can benefit from libsafe that helps protect against hacker stack smashing techniques that can gain them root access
ModSecurity Control (cmc)	cmc allows you to control the disabling of mod_security rules by their ID on a global, per user and per domain level
Explorer (cse)	cse allows you to browse your disk structure and directories and perform shell tasks from within WHM which can be very helpful if SSH fails for any reason
Mail Queues (cmq)	cmq allows you to check within WHM and clear the servers exim queue(s) and deal with individual emails awaiting delivery
Mail Manage (cmm)	cmm allows you edit view and manage client email accounts and quotas from within WHM without having to log into their cPanel account
Perl installation check	Check that perl is correctly configured and that it is the latest version and upgrade if necessary
Delete unnecessary OS users	On a standard OS installation many user accounts are created that are not necessary and can therefore pose a security risk
Disable open DNS recursion	Protection against abuse and poisoning of your local DNS cache if DNS server (bind) is running on the server
Enhanced path protection	Help protect against clients and hackers browsing and accessing files outside of their account directories
Remove SUID/GUID from binaries	On a standard OS installation many application binaries have SUID and GUID bits set that are not necessary and can therefore pose a security risk
PHP hardening	Dynamic Library loading is disabled, commonly abused php functions disabled, user defined php.ini files disabled if suPHP is already enabled - to help prevent hackers exploiting vulnerable PHP web scripts
Suhosin ****	Suhosin is an advanced protection system for PHP installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core
Exploit check	A check of installed web scripts for known hacking scripts which highlight exploited web applications. Also checks in commonly abused disk directories such as /tmp and /dev/shm for any active exploits as well as a scan of all running processes. Also disabling of any known insecure versions of phpBB is performed to prevent possible compromises. If exploits are found on the server, the compromised account will be suspended and we will notify you of the location of the exploits - this does not include restoring any compromised web files
Disable BoxTrapper	Having boxtrapper enabled can very easily lead to your server being listed in common RBLs and usually has the effect of increasing the overall spam load, not reducing it.
Disable vulnerable phpBB installs	If vulnerable phpBB installations are found, they will be disabled to prevent exploitation of the server
Initial cPanel configuration	If cPanel has just been installed but not configured we can do this for you
MailMan performance	Tweak to help the performance of MailMan on a busy server

** Some servers with monolithic kernels (i.e. does not use Loadable Kernel Modules - LKMs) need to have specific iptables modules loaded and it may not be possible to configure an iptables firewall. This usually only applies to those with custom kernels or VPS hosts that have not compiled their Virtuozzo kernels with iptables support
*** We will upgrade Apache, PHP or MySQL to the latest minor version of the major version you have chosen (e.g. Apache v1.3.37 to v1.3.39). If you want us to upgrade to a the latest major version of an application, you must expressly say so (e.g. Update Apache v1.3.37 to v2.2.8)
**** While we will try and help with issues arising from the use of suhosin and mod_security, we cannot provide direct support for either application which should be sought from the applications support site

Secure your server now!