Tips for Keeping cPanel and WHM Secure

July 29, 2015 — by Andreas0


When thinking about automated hosting, cPanel is one of the most common types that comes to mind. It is used by many people, helping manage the server and making website management easier to handle – but that automation goes hand in hand with some security risks. There are a few things you can do to optimize cPanel and WHM, making it so that you can continue to use these services without taking unnecessary risks with the safety of your site.

Make sure that you regularly update cPanel. These patches are rolled out to address everything from bugs to security flaws, and skipping one could lead to disaster. It does not take much time to complete updates, and better yet, it’s very easy to configure automatic updates. Just visit WHM>Server Configuration>Update Preferences to set up this automated feature that is sure to be beneficial.

Enable SSL and make it mandatory for all of your users. Visit WHM>Server Configuration>Tweak Settings to do so, and users will be directed to http rather than https.

Force users to select secure passwords by visiting WHM>Security Center>Password Strength Configuration. The stronger, the better! When your users have to create strong passwords it gives added security to your system. Do not allow users to use passwords that are based on dictionary words or significant dates, as these are easily guessed by both humans and automated password cracking programs. A password that includes at least eight characters, both alphanumeric and grammatical symbols, should be strong enough to meet your needs without making it too challenging for a user to generate a password that they can remember.

With these tips in mind, you should be able to use cPanel and WHM without risking security. Use automated hosting to your advantage without the added worry!


Tips for Web Application Security

July 8, 2015 — by Andreas0


Are you running web applications on your website? The majority of websites rely on applications for some reason. These programs provide a lot of benefit to website owners!

Most web applications depend on server-side scripting, which can lead to problems with website security. You may rely on these web applications for functionality so it makes sense to use them, but it is important to implement security measures for your protection, and to keep your data safe from nefarious people.

Before you run a web app, scan it for any vulnerabilities that could leave an open door to your data. This is an easy step and something that can be done in no time at all, especially if you use a free or open source scanner to check out your app. An application firewall gives you added security, so make sure you are using one for your site – there’s nothing to lose, but a lot to gain by following this rule!

When choosing web applications make sure that they are free of bugs, and easily exploitable issues. How can you be sure that a web application is safe to use? Be sure to work with trustworthy developers for new products and ensure that you are also working with top-notch commercial and open source products for existing apps. If you are developing your own web applications, take the necessary precautions to ensure you are not leaving vulnerabilities in your app.

You should look at the permissions of your web apps to ensure that they are all carefully calibrated. Make sure files have permissions that restrict writing and executing to the server itself. Only authorized users should be able to access your file, so keep an eye on this list. If you keep authorized users down, there are fewer opportunities for people to maliciously handle your files.

Make sure you regularly update any and all web applications you are using. If a developer finds a security problem he or she will typically release a patched update that closes whatever security hole is open. Updating apps is an easy way to promote good security practices, without taking much time out of your day. People with bad intentions rely on website owners to avoid scheduling updates – don’t fall into this trap!

There is no need to shy away from using web applications out of fear of security problems – just make sure that you are careful and you should be able to get the most from web apps without any of the problems. Focus on strong security practices, selecting high-quality apps, and doing your homework to ensure that you have identified and dealt with potential vulnerabilities, and you can get the benefits of web apps without the risks.

Miss Hosting

Security Tips for New VPS Users

May 4, 2015 — by Andreas0


vps securityIf it is your first time using a Virtual Private Server (VPS) you are probably itching to get started, but before you jump right in, there are a few things you should know to make sure your VPS is secured. Most people rely on their shared hosting provider to handle security but if you’re using a VPS, that responsibility is yours alone, so make sure you know what you’re doing!

Secure logins and other access – Having a strong, secure password is very important for your protection all over the place, VPS included. You should also limit SSH access to the bare minimum of users who really need it, and do not allow root logins – anyone who gets in with a root account can control your entire server, so this is a huge safety risk, especially considering that a hacker can get in via brute force if you do not disallow this type of login.

Always update software – Patches and fixes stop vulnerabilities in applications, services and scripts from being wide open for malicious intent. The fixed versions of software, however, only work when they are installed. Do not delay updates, as they are one of the most important and easy ways for you to secure your VPS.

Focus on protection – By installing network firewalls, application firewalls, brute force detection and other preventative measures for your operating system, you are making it much more difficult for any unwanted individuals to gain access.

Use system monitors – As a VPS administrator you have to be ready to address problems before it is too late. Use system monitors to keep a watchful eye on your VPS, to find and flush out issues quickly.

Make frequent backups – Always back up your server and make sure the backups will actually restore your files and settings. In the event that something goes wrong, a robust, functioning backup can get you back up and running quickly without losing important information.

Shut down unnecessary services – When you start up your server you are likely running a lot of services and daemons that are not necessary for your purposes. As the number of services running on your server increases, so do the opportunities for unwanted access through open ports.

Cut down on unneeded services and you will increase protection as well as performance.
Try executing # chkconfig –list to see what the startup status is of services on your server. To stop a service at startup time, execute # chkconfig –levels off. This should help you narrow your services down to the essentials.