This comprehensive cPanel server service can be provided for servers running cPanel. We will perform the installation, configuration and testing of each component of the service. We do not use scripts to perform this work (as some providers do) but perform each task by hand to ensure it is correctly installed and configured to your servers requirements.
The aim of this work is to help:
If you have any questions about the Server Services below or any other services that we can offer, please feel free to contact us and/or check the sales FAQ
lfd is integrated with csf to block hacking attempts from your internet facing services and detects system intrusions/rootkits
Default OS configurations often run services that are not used by a cPanel web server and can be a security risk if left running
Log Scanner is part of lfd and is configured to send you logs file emails once per hour using regular expression matches on the major server log files
WHM configuration options are checked for security and performance configuration and changes where deemed appropriate
OpenSSH is checked to ensure only SSHv2 protocol is enabled
Pure-ftpd is considered more secure and lighter on server resources compared to proftpd on cPanel servers
Rootkit Hunter is an essential tool in detecting possible root compromise and rootkit installation
Chkrootkit is another essential tool in detecting possible root compromise and rootkit installation, it compliments rkhunter with a different detection approach
mod_security apache module is a security layer in apache that helps prevent exploitation of vulnerable web scripts. We will install and configure the optional cPanel ModSecurity Apache module and include a set of effective rules
Helps prevent IP spoofing and DNS cache poisoning
Check to ensure that the servers OS is updating and, if not, an update is run
If the name server (bind) is running, check that it is functioning correctly and enable local DNS lookups
Ensure disks are correctly mounted and clean up any old files to free space where possible
Check that the correct kernel is installed and upgrade to the OS vendors latest version if necessary and implement tweaks to help protect against current threats (e.g. disabling core file creation) *****
If applicable, the free CloudLinux Symlink Kernel Patch will be applied
Check that apache is correctly configured and tuned for your servers requirements and that it is the latest version and upgrade if necessary
Check that mysql is correctly configured and tuned for your servers requirements
Not all server logs files are correctly rotated on a default cPanel server, so we add rotation options to logrotate to ensure that they are correctly rotated to help disk performance and application stability
Check temporary file permissions, ownership and contents. Remount noexec and nosuid where possible
cmc allows you to control the disabling of mod_security rules by their ID on a global, per user and per domain level
cse allows you to browse your disk structure and directories and perform shell tasks from within WHM which can be very helpful if SSH fails for any reason
cmq allows you to check within WHM and clear the servers exim queue(s) and deal with individual emails awaiting delivery
cmm allows you edit view and manage client email accounts and quotas from within WHM without having to log into their cPanel account
Check that perl is correctly configured and that it is the latest version and upgrade if necessary
On a standard OS installation many user accounts are created that are not necessary and can therefore pose a security risk
Protection against abuse and poisoning of your local DNS cache if DNS server (bind) is running on the server
Help protect against clients and hackers browsing and accessing files outside of their account directories
On a standard OS installation many application binaries have SUID and GUID bits set that are not necessary and can therefore pose a security risk
Dynamic Library loading is disabled, commonly abused php functions disabled, user defined php.ini files disabled if suPHP is already enabled - to help prevent hackers exploiting vulnerable PHP web scripts
We will run a manual cxs scan of user data to help identify any exploits within accounts and provide a summary report of the results. Also checks in commonly abused disk directories such as /tmp and /dev/shm for any active exploits as well as a scan of all running processes. If exploits are found on the server, the compromised account can be suspended and we will notify you of the location of the exploits - this does not include identifying specific exploits, restoring/cleaning any compromised scripts, or quarantining exploits for you
Having boxtrapper enabled can very easily lead to your server being listed in common RBLs and usually has the effect of increasing the overall spam load, not reducing it
If cPanel has just been installed but not configured we can do this for you
The MailScanner Front-End is included with the cPanel Service Package + MailScanner package
You can raise technical queries on our helpdesk for one week after the service package is performed. Any work requiring us to login to your server may attract our hourly general server management fee
The cPanel Service packages can be performed on dedicated servers and VPS's running cPanel supported releases on Redhat/CentOS/AlmaLinux/CloudLinux and Ubuntu (i.e. not EOL)
We cannot perform this work on servers running the applications from 1h.com, BetterLinux, Bitninja or ASL.
cPanel must be installed before we can perform this service package (its is a prerequisite)