You can also update using this line: #/scripts/upcp –force

To escape these efforts, you can simply turn on the automatic updates.

Go to WHM > Server Configuration > Update Preferences.

2. Secure Password

Something everybody knows today! But still, people ignore it.

• Weak passwords > Hacked easily > Infect client sites or spread viruses

80% of hacking attempts try to obtain the site by cracking the weak password set by the site owners.

But how can you make sure your password is secure?

Edit “/etc/login.defs” file to configure password options on your system.

• Utilize at least 8 characters including alphanumeric and grammatical symbols.
• Avoid using significant dates and dictionary words.
• If you have issues, you can leverage the “Password Generator tool” to have ideas.
• Go to “Tweak Settings” in “Server Configuration” and enable SSL to avoid any leak.
• Still uncertain about password security? Test it via JTR cracker or check password strength using pam_passwdqc.

3. Secure SSH

SSH or Secure Shell is a remote connectivity tool in Linux which helps users to log into a remote machine and execute commands. Therefore, if you don’t secure SSH, there are chances of attacks.

How can you secure SSH?

Update SSH packages to the latest stable version.

A. Setup Wheel User

When you are logged into root user, create a new user, and you will then be asked a few questions.

adduser <wheel_user_name>

Hit “Enter” once you are done with setting a password.

Add that user to the Wheel user group. If you want an existing user to be the wheel user, you can simply go to WHM > Security Center > Manage Wheel Group Users > Select the user and click “Add to Group”.

Now Disable Root User:

Open SSH config file > Set PermitRootLogin to ‘No’ > Restart SSH

Once you have terminated the session, you can’t log in as a Root user. To log in, use the new user you just created or the existing one.

B. Setup Key-based Password-less login

Disable password authentication and allow SSH access only by key-based authentication.

Open SSH Config file (vi /etc/ssh/sshd_config) > Edit the Password Authentication to “no”

Password authentication in the server is disabled now. Generate SSH key in the host machine > ssh-keygen

If you hit ‘Enter’, the key will be placed in ‘/home/user/.ssh/id_rsa’ by default.

4. Secure Apache and PHP

Enable ModSecurity

In WHM, you should enable ModSecurity to secure Apache from attacks like code injection. Specific rules defined in the ModSecurity helps in blocking connection that doesn’t match the rules.

Install ModSecurity

WHM > Plugins > ModSecurity

• Configure suEXEC for executing the CGI scripts and suPHP as the PHP handler. Enable suEXEC and suPHP by browsing to WHM > Service Configuration > suEXEC.
• Change the PHP handler to suPHP, turn Apache suEXEC to ‘On’ and ‘Save’ New Configuration.
• Enable PHP open_basedir protection: It prevents PHP scripts from files outside of its home directory.
• WHM > Security Center > PHP open_basedir Tweak > Enable PHP open_basedir Protection > Save.

Disable some of the PHP functions:

• WHM > Service Configuration > PHP Configuration Editor > Select Advanced mode > register_globals: Off
• The register_globals setting controls how you access the server, form, and environment. If it is on, anything passed via GET or POST or COOKIE automatically appears to be the global variable in the code, this might have security consequences.
• Disable_functions: allow_url_fopen, proc_open, popen, phpinfo, exec, passthru, shell_exec, system, show_source.

“Save” the settings and restart Apache after this.

Important: Don’t forget the latest versions for proper security.

5. Enable Brute-Force Protection

Brute-Force: Repeated hit and trial attempt to access the server.

When you set the value of Brute-Force protection, it ensures that repeated unsuccessful attempts to access the server from a given IP address will get that IP blocked.

To activate this feature: “CPHulk Brute-Force Protection > Security Center > Enable”

Under the “IP Deny Manager” option, you can also block a particular IP address, domain name, or range of IP addresses from accessing a site managed by cPanel.