Holdfire Hosting Forums: Optimizing and Securing WHM - Holdfire Hosting Forums


Optimizing and Securing WHM

#1 Jordan

  • Administrator

Posted 01 Feb 2010 - 05:15 PM

You can easily optimize and secure WHM by configuring a few options in the GUI itself that can increase your server's productivity.

To make changes, you will need to go to Tweak Settings. All changes will require you to 'tick' the option to enable it.

WHM > Server Configuration > Tweak Settings

Domains
  • Prevent users from parking/adding common internet domains (hotmail.com, aol.com, etc)


Mail
  • Attempt to prevent pop3 connection floods (This has been removed under newer versions of cPanel)
  • Default catch-all/default address behavior for new accounts. "fail" is usually the best choice if you are getting mail attacks. - set this to FAIL (the other option, 'localuser', increases server loads)
  • Silently Discard all FormMail-clone requests with a bcc: header in the subject line
  • The maximum each domain can send out per hour - set to 100 (or your choice)
  • Include a list of Pop before SMTP senders in the X-PopBeforeSMTP header when relaying mail. (exim 4.34-30+ required)


Mail - UNCHECK
  • Mailman


System
  • Use jailshell as default on new accounts


Once you have made those changes, you can save the settings.



Now you will need to go to:

WHM > Security Center

  • Apache mod_userdir Tweak > Enable mod_userdir protection
  • Shell Fork Bomb Protection > Enable Shell Fork Bomb Protection
  • Compiler Access > Disable compilers


WHM > Service Configuration > FTP Server Configuration
  • Allow Anonymous Logins - NO
  • Allow Anonymous Uploads - NO


WHM > Account Functions > Manage Shell Access
  • Disable shell access for all users. Alternatively you can enable jailed shell.


WHM > SQL Services > MySQL Root Password
  • MySQL Root Password - Change Root Password for MySQL
    Do note that you should avoid using asterisks (*), periods (.) or other special characters in your MySQL password. This has been known to cause phpMyAdmin to not function.


WHM > System Health > Background Process Killer
Check the following and then save:

  • BitchX
  • bnc
  • eggdrop
  • generic-sniffers
  • guardservices
  • ircd
  • psyBNC
  • ptlink
  • services


When adding reseller accounts, under Reseller Modifications > Edit reseller privileges & nameservers make sure to:
  • Prevent Accounts from being created with shell access
  • Disallow the reseller to use all global packages (global packages are any packages without a "_" in them)
  • Disallow Creation of Packages with Shell Access
  • Disallow Creation of Packages with Unlimited Bandwidth
  • Disallow Creation of Packages with Unlimited Diskspace
  • Disallow Restart Services
  • Disallow Account Modification
  • Disallow Bandwidth Limiting Modification
  • Disallow Quota Modification
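
The Tweak Settings choices above can be re-checked from the shell after a cPanel update or a handover. The script below is an added example, not part of the original post or of cPanel's own tooling. It assumes the options are stored as key=value lines in /var/cpanel/cpanel.config under the key names shown (confirm them against your own file), and it includes a constructed sample to run against.

```shell
#!/bin/sh
# Audit a cpanel.config-style key=value file against the Tweak Settings
# values recommended in the post above (100 mails/hour is the post's example).
# ASSUMPTION: these key names are how the options are stored in
# /var/cpanel/cpanel.config; confirm them against your own server's file.
EXPECTED='blockcommondomains=1
defaultmailaction=fail
maxemailsperhour=100
skipmailman=1
jaildefaultshell=1'

# Constructed sample input (not taken from a real server).
sample_config() {
    cat <<'EOF'
# constructed sample
blockcommondomains=1
defaultmailaction=localuser
maxemailsperhour=100
skipmailman=1
EOF
}

# audit_tweak_settings FILE
# Prints one line per deviation; exit status is the number of deviations.
# The body runs in a subshell so its variables do not leak to the caller.
audit_tweak_settings() (
    file=$1
    bad=0
    while IFS='=' read -r key want; do
        # Last occurrence of the key wins; strip spaces and CRs.
        got=$(awk -F= -v k="$key" '$1 == k { v = $2 } END { print v }' "$file" | tr -d ' \r')
        if [ -z "$got" ]; then
            echo "MISSING  $key (want $want)"
            bad=$((bad + 1))
        elif [ "$got" != "$want" ]; then
            echo "MISMATCH $key=$got (want $want)"
            bad=$((bad + 1))
        fi
    done <<EOF
$EXPECTED
EOF
    exit "$bad"
)

# Usage: sh audit.sh /var/cpanel/cpanel.config
if [ -n "${1:-}" ]; then
    audit_tweak_settings "$1"
fi
```

Run against the constructed sample, it reports the catch-all still set to localuser and the missing jailshell default.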
