Some basic steps we can take to harden a cPanel server:
1. Turn on PHP open_basedir protection – Restricts each account's PHP scripts to files under that account's home directory, so a script cannot read or include files belonging to other accounts or to the system.
2. Turn on PHP suEXEC – All PHP scripts run with the uid and gid of the account that owns them rather than with the Apache uid and gid, so a compromised script is confined to that one account's files.
3. Disable direct root logins – All system administrators should first log in with an unprivileged account and ‘su - root’ (or sudo) only when necessary. In sshd_config this is PermitRootLogin no.
4. Keep the number of users with a shell to an absolute minimum – Systems are much easier to attack and compromise when the attacker has an interactive shell on the server to launch the attack from. Many attacks require local privileges in order to ‘escalate’ to root; if a user does not have a local shell this type of attack is harder to execute. In WHM, accounts that do not need a shell should be set to noshell, and those that do to jailshell.
5. Disable or limit the use of the system compilers, i.e. gcc – (chmod 700 /usr/bin/gcc, or the Compiler Access setting in WHM's Security Center) – Many attacks depend on being able to compile the exploit on the local machine. This only raises the bar: an attacker can still upload a binary compiled elsewhere, so treat it as one layer rather than a fix.
6. Disable or limit the use of commands that enable the downloading of remote code, i.e. wget, curl, ncftpget etc. – Many attacks depend on the attacker's ability to download exploit code from various sites on the Internet. Prefer chmod 700 (root can still run them) over removing them, since system scripts and cron jobs may depend on them; and remember that PHP, Perl and Python can fetch URLs too, so this is again defense in depth.
7. Stay up to date with the latest cPanel release (www.cpanel.net) and apply updates quickly when new vulnerabilities are discovered – The cPanel forums (forums.cpanel.net) serve as an excellent point of reference for new and experienced administrators alike.
8. Turn off services you aren't using, i.e. Java chat, Melange etc. – If your clients are using POP3 exclusively, turn off IMAP. Every listening service is attack surface, so verify with netstat -tlnp (or ss -tlnp) that only what you expect is listening.
9. Never send your passwords in clear text across the Internet – ALWAYS access WHM using https://IP_or_DOMAIN:2087 – ALWAYS access cPanel using https://IP_or_DOMAIN:2083. Ports 2086 and 2082 are the plain-HTTP equivalents and send the login in clear text; block them at the firewall or redirect them to the SSL ports where possible.
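The following script is an added example, not code from the original post or from cPanel: it turns steps 3 to 6 and 9 above into repeatable checks. It works on constructed copies of /etc/passwd, sshd_config and a few stand-in binaries under a scratch directory, so it is safe to run anywhere; the function names (list_shell_users, harden_sshd, restrict_binaries, check_panel_url) and the sample accounts are assumptions made for the demonstration. On a real cPanel host you would point the functions at the live paths instead.

```shell
#!/bin/sh
# Added example (not from the original post): scripted checks for steps 3-6 and 9.
# Everything runs against constructed copies under a scratch directory ($WORK),
# never against the live /etc/passwd, sshd_config or /usr/bin.

WORK="${WORK:-$(mktemp -d)}"

# Constructed sample /etc/passwd: root, two service accounts, an admin and
# three hosting accounts with different cPanel shells.
cat > "$WORK/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
admin:x:1000:1000:Admin:/home/admin:/bin/bash
site1:x:1001:1001::/home/site1:/bin/bash
site2:x:1002:1002::/home/site2:/usr/local/cpanel/bin/jailshell
site3:x:1003:1003::/home/site3:/usr/local/cpanel/bin/noshell
EOF

# Constructed sample sshd_config still carrying the commented-out default.
cat > "$WORK/sshd_config" <<'EOF'
Port 22
#PermitRootLogin yes
PasswordAuthentication yes
EOF

# Constructed stand-ins for the compilers and downloaders in /usr/bin.
mkdir -p "$WORK/bin"
for b in gcc cc wget curl ncftpget; do
    : > "$WORK/bin/$b"
    chmod 0755 "$WORK/bin/$b"
done

# Step 4: print every account whose login shell is interactive. noshell,
# nologin and false count as "no shell"; jailshell still counts, because a
# jailed user can still run local exploits inside the jail.
list_shell_users() {
    awk -F: '$7 !~ /(nologin|false|noshell)$/ { print $1 }' "$1"
}

# Step 3: set PermitRootLogin no, replacing an existing (possibly commented)
# directive or appending one, then print the effective value. Uses a temp
# file and mv rather than sed -i so it works with any sed.
harden_sshd() {
    cfg="$1"
    if grep -Eq '^[#[:space:]]*PermitRootLogin' "$cfg"; then
        sed -E 's/^[#[:space:]]*PermitRootLogin.*/PermitRootLogin no/' "$cfg" > "$cfg.tmp"
        mv "$cfg.tmp" "$cfg"
    else
        printf 'PermitRootLogin no\n' >> "$cfg"
    fi
    awk '$1 == "PermitRootLogin" { v = $2 } END { print v }' "$cfg"
}

# Steps 5 and 6: make each listed binary root-only (mode 0700). Paths that
# do not exist are skipped; each path actually changed is printed.
restrict_binaries() {
    for bin in "$@"; do
        [ -e "$bin" ] || continue
        chmod 0700 "$bin" && printf '%s\n' "$bin"
    done
}

# Symbolic mode as ls shows it, e.g. -rwx------ (portable, unlike stat -c).
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Step 9: accept only the TLS entry points, 2087 for WHM and 2083 for cPanel.
# Anything else, including http:// on 2086/2082, is rejected.
check_panel_url() {
    case "$1" in
        https://*:2087|https://*:2087/*) echo "ok-whm" ;;
        https://*:2083|https://*:2083/*) echo "ok-cpanel" ;;
        *) echo "reject" ;;
    esac
}

# Demonstration run against the constructed files.
echo "Accounts with an interactive shell:"
list_shell_users "$WORK/passwd"
echo "PermitRootLogin is now: $(harden_sshd "$WORK/sshd_config")"
echo "Restricted to root:"
restrict_binaries "$WORK/bin/gcc" "$WORK/bin/cc" "$WORK/bin/wget" \
                  "$WORK/bin/curl" "$WORK/bin/ncftpget" "$WORK/bin/tcc"
echo "gcc mode: $(mode_of "$WORK/bin/gcc")"
echo "http://example.com:2082 -> $(check_panel_url "http://example.com:2082")"
```

Run it as-is to see the behaviour on the sample data; to audit a live box, call list_shell_users /etc/passwd and mode_of /usr/bin/gcc directly, and only run harden_sshd and restrict_binaries against real paths after backing the files up and confirming nothing on the server needs the restricted tools.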
Posted by We3cares