For WHM version 11.30
Using the security functions, you are able to better secure your server. You may manage password strength, SSH keys, users, and more.
- Apache mod_userdir Tweak — The
mod_userdir feature provides the ability to view websites on your server by typing your hostname followed by a tilde and the website owner’s username. (Example:
http://host.example.com/~username) Restricting this type of access is desirable, as it allows users to circumvent bandwidth limits.
- Compiler Access — Many common attacks require a working C or C++ compiler on the server. Disabling these compilers will result in a more secure server.
- cPHulk Brute Force Protection — Brute force is an attack (hacking) method that involves using an automated system to guess the password to your web server or services. cPHulk helps defend your server against such attacks.
- Manage root's SSH Keys — This feature allows you to control existing SSH keys on your web server. You may also add and import new SSH keys to your server. When managing your keys, you will find they are divided into public and private key sets on 2 separate lists.
- Manage Wheel Group Users — The wheel group contains specific users who are able to execute the
su command. This command allows the user to gain "root" or "superuser" access.
- PHP open_basedir Tweak — To improve security, you may wish to prevent users from using PHP to open files outside of their home directory.
- Quick Security Scan — This feature disables operating system-level services that are not necessary for your web server.
- Scan for Trojan Horses — This feature scans system files that have been modified by something other than cPanel or the server’s operating system. It is recommended that you investigate these files to ensure they have not been injected with malicious code.
- Security Questions — This feature allows you to define and manage security questions. Security questions are used whenever an attempt to log in is made from an unrecognized IP address.
- Shell Fork Bomb Protection — This feature will prevent users with terminal access (SSH or Telnet) from using up the system's resources and potentially crashing your web server via a malicious attack known as a fork bomb. Fork bombs work by starting a cascade of small processes that duplicate themselves until the server's resources are depleted.
- SMTP Tweak — You may want to prevent users from bypassing your mail server to send mail. This is common practice for spammers. Use this feature to configure your server so that the mail transport agent (MTA), Mailman mailing list software, and root user are the only accounts able to connect to remote SMTP servers.
- SSH Password Authorization Tweak — This feature allows you to tweak your SSH authentication by enabling or disabling passwords. If passwords are disabled, users will be forced to use keys when using SSH to access your server.
- Traceroute Enable/Disable — The traceroute utility is a network tool that can be used to determine the route taken by information (packets) sent across the Internet. This often is the first step in pinpointing weaknesses for mounting an attack.
Topic revision: r9 - 14 Nov 2011 - 13:10:28 - MelanieSeibert