Est. reading time: 3 minutes
cPanel Security checks

cPanel Security checks to do regularly

cPanel is a layered system

What I mean by this is that cPanel has many layers of users and thus many potential security breach points. Due to its flexibility and complexity, cPanel also has many areas that need to be looked after from a system security perspective. We will take a look at these below:

System Level – SSH

This is the most obvious and the level at which most administrators ensure a good level of security. Usually, you would allow only one or two accounts SSH access – these would be root and then an administrator of some sort. SSH access should be locked down to access with keys only and password authentication disabled. SSH should also only be allowed from a small set of IP addresses if possible. If not, deny root access and force access to a lower level account which then has to sudo to root and use a second password to gain this level. Ensure that any passwords you use are secure and meet the minimum requirements as I have written about in my article, “Why password isn’t a password“.

Log Files to check: /var/log/secure and /var/log/lfd.log

System Level – WHM

WHM is usually accessed by the user “root’, but may also be set up under other usernames. Once again, ensure that the passwords (which will be system passwords as set up above) are secure. You may also add a .htaccess  file to restrict access to the WHM interface from certain IP addresses only. DO NOT USE THIS IF YOU CONNECT USING A DYNAMIC (ADSL/HOME Fibre or DIALUP) CONNECTION.

Log Files to check: /var/log/secure and /var/log/lfd.log

 cPanel Level – User Accounts

Add only as many users as you REALLY need for the admin of your cPanel site(s). Keep the password policy high (90+) and ensure you use passwords of adequate length. A compromised cPanel account allows spammers free reign to use your domain and accounts to send as much spam as they want to. It also allows them to insert malicious content into your websites. Fraudsters can add phishing software to harvest credit card and banking details. Lastly, it allows pranksters to deface or just destroy all or some of your sites.

cPanel Level – Mail and FTP Accounts

With mail and FTP accounts we often fail to secure our passwords properly as the end user is often allowed to pick their own password without proper guidance. End users must be guided into selecting long, strong passwords that are not too had for THEM to remember. See Why password isn’t a password for some good password advice.

Log files to check: /var/log/maillog  and /var/log/exim_mainlog

Software Level – Access by Application Users

Applications are often installed without checking their origin or pedigree through peer review. This allows malicious code to run on your cPanel instance which can spam or hijack email addresses. Some software will run bitcoin miners or anonymous relays for either email spam or VPN’s / Proxies to hide the true identity of the internet villain. Be extra careful when selecting your site software and research the application reputation first. Also – only download or installed software directly from the developer’s site. Do not fall for the “download” sites that boast higher download speeds or bombard you with adverts and ask for payment to download.

Be safe.

Happy Hosting!

The Author

Michael O.

Michael is the founder, managing director, and CEO of HOSTAFRICA. He studied at Friedrich Schiller University Jena and was inspired by Cape Town's beauty to bring his German expertise to Africa. Before HOSTAFRICA, Michael was the Managing Director of Deutsche Börse Cloud Exchange AG, one of Germany's largest virtual server providers.

More posts from Michael

Related posts