ConfigServer Server Services

This comprehensive cPanel server service can be provided for most Linux (not FreeBSD) platforms running cPanel. We will perform the installation, configuration and testing of each component of the service. We do not use scripts to perform this work (as some providers do) but perform each task by hand to ensure it is correctly installed and configured to your servers requirements.

The aim of this work is to help:

Secure your server from attack
Perform server tuning to better cope under load
Provide relevant regular information from your server to identify any security breaches or anomalous behaviour
Check for existing exploits installed or running on the server

If you have any questions about the Server Services below or any other services that we can offer, please feel free to contact us and/or check the sales FAQ

We aim to perform the work within 24 to 72 hours from the opening of a ticket on our helpdesk with the answers to our installation questions (and correct access details) which we will send to you once your order has been processed.

cPanel Service Package
Only

$130/server

cPanel Service Package
+ MailScanner Front-End

$160/server

Please read the Server Services Terms and Conditions for this service as placing an order indicates your acceptance

ConfigServer eXploit Scanner

cxs is included free with our cPanel Service Package

iptables SPI firewall (csf) **

csf is a full featured SPI (Stateful Packet Inspection) iptables firewall configuration application written by ourselves

lfd is integrated with csf to block hacking attempts from your internet facing services and detects system intrusions/rootkits

Stop unnecessary processes

Default OS configurations often run services that are not used by a cPanel web server and can be a security risk if left running

Log Scanner

Log Scanner is part of lfd and is configured to send you logs file emails once per hour using regular expression matches on the major server log files

Logwatch

Logwatch is a daily report that summarises the information contains in the major server log files

WHM configuration check

WHM configuration options are checked for security and performance configuration and changes where deemed appropriate

OpenSSH check

OpenSSH is checked to ensure only SSHv2 protocol is enabled

Switch proftpd to pure-ftpd

Pure-ftpd is considered more secure and lighter on server resources compared to proftpd on cPanel servers

Rootkit Hunter

Rootkit Hunter is an essential tool in detecting possible root compromise and rootkit installation

Chkrootkit

Chkrootkit is another essential tool in detecting possible root compromise and rootkit installation, it compliments rkhunter with a different detection approach

ModSecurity ****

mod_security apache module is a security layer in apache that helps prevent exploitation of vulnerable web scripts. We will install and configure the optional cPanel ModSecurity Apache module and include a set of effective rules

Host spoof protection

Helps prevent IP spoofing and DNS cache poisoning

Operating System check

Check to ensure that the servers OS is updating and, if not, an update is run

Name server check

If the name server (bind) is running, check that it is functioning correctly and enable local DNS lookups

Disk check

Ensure disks are correctly mounted and clean up any old files to free space where possible

Kernel check

Check that the correct kernel is installed and upgrade to the OS vendors latest version if necessary and implement tweaks to help protect against current threats (e.g. disabling core file creation) *****

Apache tune and check ***

Check that apache is correctly configured and tuned for your servers requirements and that it is the latest version and upgrade if necessary

MySQL tune and check ***

Check that mysql is correctly configured and tuned for your servers requirements

Enhanced log rotation

Not all server logs files are correctly rotated on a default cPanel server, so we add rotation options to logrotate to ensure that they are correctly rotated to help disk performance and application stability

Secure /tmp /var/tmp
/dev/shm

Check temporary file permissions, ownership and contents. Remount noexec and nosuid where possible

ConfigServer ModSecurity
Control (cmc)

cmc allows you to control the disabling of mod_security rules by their ID on a global, per user and per domain level

ConfigServer Explorer (cse)

cse allows you to browse your disk structure and directories and perform shell tasks from within WHM which can be very helpful if SSH fails for any reason

ConfigServer Mail Queues
(cmq)

cmq allows you to check within WHM and clear the servers exim queue(s) and deal with individual emails awaiting delivery

ConfigServer Mail Manage
(cmm)

cmm allows you edit view and manage client email accounts and quotas from within WHM without having to log into their cPanel account

Perl installation check

Check that perl is correctly configured and that it is the latest version and upgrade if necessary

Delete unnecessary OS
users

On a standard OS installation many user accounts are created that are not necessary and can therefore pose a security risk

Disable open DNS recursion

Protection against abuse and poisoning of your local DNS cache if DNS server (bind) is running on the server

Enhanced path protection

Help protect against clients and hackers browsing and accessing files outside of their account directories

Remove SUID/GUID binaries

On a standard OS installation many application binaries have SUID and GUID bits set that are not necessary and can therefore pose a security risk

PHP hardening

Dynamic Library loading is disabled, commonly abused php functions disabled, user defined php.ini files disabled if suPHP is already enabled - to help prevent hackers exploiting vulnerable PHP web scripts

Suhosin ****

Suhosin is an advanced protection system for PHP installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core

Exploit Scan and Summary

A check of installed web scripts for known hacking scripts which highlight exploited web applications. Also checks in commonly abused disk directories such as /tmp and /dev/shm for any active exploits as well as a scan of all running processes. If exploits are found on the server, the compromised account can be suspended and we will notify you of the location of the exploits - this does not include restoring any compromised web files

Disable BoxTrapper

Having boxtrapper enabled can very easily lead to your server being listed in common RBLs and usually has the effect of increasing the overall spam load, not reducing it.

Initial cPanel configuration

If cPanel has just been installed but not configured we can do this for you

MailScanner Front-End

The MailScanner Front-End is included with the cPanel Service Package + MailScanner package

One week of informational
tickets

You can raise technical queries on our helpdesk for one week after the service package is performed. Any work requiring us to login to your server may attract our hourly general server management fee

Please read the Server Services Terms and Conditions for this service as placing an order indicates your acceptance

** Some servers with monolithic kernels (i.e. does not use Loadable Kernel Modules - LKMs) need to have specific iptables modules loaded and it may not be possible to configure an iptables firewall. This usually only applies to those with custom kernels or VPS hosts that have not compiled their Virtuozzo kernels with iptables support

*** We will upgrade Apache, PHP or MySQL to the latest minor version of the major version you have chosen (e.g. Apache v2.2 to v2.4). If you want us to upgrade to a the latest major version of an application, you must expressly say so. Tuning is a basic configuration appropriate for the server configuration.

**** While we will try and help with issues arising from the use of suhosin and ModSecurity, we cannot provide direct support for either application which should be sought from the applications support site

***** We do not offer a service to investigate or fix issues with OS vendor kernel upgrades, so you must ensure that you have suitable backups

The cPanel Service packages can be performed on dedicated servers and VPS's running cPanel supported releases of Redhat/CentOS or CloudLinux

We also cannot perform this work on servers running the applications from 1h.com, BetterLinux, Bitninja or ASL.

cPanel must be installed before we can perform this service package (its is a prerequisite)

We cannot provide any guarantees that the work that we do won't affect third-party applications (including web scripts). We can advise after the work is done if you see any problems where to start looking, but we don't provide any support for third party applications (including web scripts). Any advice that we give is dependent on you performing normal server administration investigative work into any problems and implementing any suggestions that we may provide.