All in one Tutorial: How to setup/install WHM server for cPanel hosting reselling



Fli
04-28-2014, 11:25 PM
How to setup WHM/cPanel server for hosting reselling A to Z.

Hello, what is your experience setting up a WHM/cPanel server?

I will share my experience and what I tried, because I did it myself and had a lot of trouble with it. It can be useful for someone else, or for myself when I need to repeat the process of installing a WHM server from scratch. This manual can be very valuable, especially for newbie admins who set up their own WHM server (you can protect your server from many hacking and low-performance issues).

What does this tutorial do?
This tutorial should help you set up a fully working shared hosting server based on cPanel/WHM, which will allow you to automatically resell web hosting accounts: a server which won't easily get overloaded by abusers and which supports most website software.

Price calculations - what you need

You need:
- A server from a reliable company - a VPS server costs from around $20 monthly and a dedicated server costs around $40 monthly.
- A WHM/cPanel VPS license costs around $15 monthly. A dedicated server WHM license costs $35 monthly.
- A domain name for your hosting website costs around $10 yearly.
- A billing system: I recommend WHMCS, which costs $15 monthly, but one can get it even cheaper with a shared reseller hosting plan (http://internetlifeforum.com/reseller-hosting/1450-cheapest-cpanel-reseller-hosting-plans-under-%2412-monthly/).

OR one can buy shared reseller cpanel hosting (see link above) and have reseller hosting + cpanel + whmcs at around $15/mo. price! In that case, this tutorial would not be needed because your provider will manage WHM server for you.

Domain & hosting site order

If you want to run a hosting reselling business, you need a domain name and a website where you introduce your hosting. It can be wise to buy a cheap reseller plan as linked above, which includes hosting space plus the WHMCS billing system, which is also the frontend of your hosting website. Then include a domain name with your order. This all should cost around $15/mo. + $10 yearly for the domain. One needs to get familiar with the billing system and related things, which takes months of time. Then, when having more customers, one can continue with this tutorial and buy an own server with bigger capacity.

Server order

Order a server (http://internetlifeforum.com/dedicated-server-hosting/284-ovh-alternatives-cheap-dedicated-servers/) from a reliable datacenter (servercomplete, ovh + considering online.net). Per my experience, for WHM/cPanel it's recommended to have a server with at least 2GB RAM (for hosting a few cPanel accounts; to host tens of accounts, 4GB RAM+; 100 accounts, 8GB RAM+ and similar) and at least 15GB disk space. The operating system should preferably be CentOS 7.x 64bit or higher. 1 IPv4. 2xHDD in RAID 1 or 4xHDD in RAID 10 for the best performance. SSD is a big plus if there are a lot of accounts on the server. In case of a VPS, select KVM or XEN virtualization.

WHM/cPanel license order

I'm using BuyCpanel (http://billing.buycpanel.com/bill1/aff.php?aff=668); their prices and support are among the best. License setup is instant. License IP change is free & instant.
After ordering, click "Request an Installation" in the client area. They usually install in a few hours and for free, so you can log in to WHM and start working.

Initial WHM setup

After logging in to WHM (https://yourserverip:2087/), set your nameservers. I strongly recommend setting only the first two: ns1.yourhosting.com and ns2.yourhosting.com. You need to register these nameservers in your domain registrar's control panel. Ask your domain registrar if you cannot find how to do it. Both nameservers should point to the IP of your cPanel/WHM server.
Home » Server Configuration » Basic cPanel & WHM Setup - ns1.yourhosting.com and ns2.yourhosting.com
Home » Networking Setup » Resolver Configuration - I have Google DNS servers: 8.8.8.8 and 8.8.4.4
Home » Support » Configure Customer Contact

Important Apache modules

Various scripts need various software to run properly. I tested that these packages are really a must, or else your customers may complain that some of their scripts don't work or that the server is slow / vulnerable.
1. Home »Software »EasyApache (Apache Update) (or via command line, screen; /scripts/easyapache)
2. Begin by selecting a profile to load ; Previously Saved Config ; click "Start customizing based on profile" button
3. Next Step
4. There i select "5.3.28 DEPRECATED" because many scripts show errors on PHP 5.4 (http://internetlifeforum.com/php-mysql-forum/1855-php-errors-5-3-vs-5-4-version/) and click "Next step"
5. Scroll down and click "Exhaustive Options List"
6. I made sure to have ticked these modules: Deflate, eAccelerator, Expires, MemCache, IonCube Loader for PHP, Xcache * for PHP, MySQLi, Suhosin*, Zend Guard Loader for PHP, GD, PDO, PDO MySQL, Symlink Race Condition Protection, Zip, mod qos (anti slow loris?), mod ruid2 (mod_ruid2 may not work when enabled from Tweak settings / security - show error 403 on websites but prevent symlink race condition),
Mod Security - i highly recommend all these be enabled
7. Save and Build (if you want to) - then it will take around 20 minutes, in meantime continue next step in a new browser window
8. If you selected memcached in EasyApache, you need to do these steps (http://internetlifeforum.com/linux-forums/1884-install-memcache-memcached-whm-linux-centos-server/#post2791) to make it work
9. Imagick is an enhanced GD alternative and some scripts like it. To install it, run the Linux command "/scripts/installimagemagick" and then go to WHM/Software/Module Installers/PHP Pecl (manage)/Install a PHP Pecl/imagick and "Install Now"
10. If you are building Apache (see step 6 above on this page), then I would wait until that step 6 is done and then continue with this step: apply mod_deflate rules to all websites hosted on the server (in case you installed Deflate in step 6 above). mod_deflate compresses content before sending it to a website visitor, saving server resources and a lot of data transfer (even 70% (http://www.whatsmyip.org/http-compression-test/?url=aHR0cDovL2ludGVybmV0bGlmZWZvcnVtLmNvbS8=)). So go to: WHM / Service Configuration / Apache Configuration / Include Editor / Pre Virtual Host Include / All Versions and paste there the mod_deflate & other caching rules:


Header add Strict-Transport-Security "max-age=31536000"
SSLHonorCipherOrder On
SSLCompression off

<IfModule mod_fcgid.c>
FcgidMaxRequestLen 1073741824
</IfModule>

<IfModule mod_deflate.c>
<IfModule mod_filter.c>
AddOutputFilterByType DEFLATE text/plain text/html application/x-httpd-php-source
AddOutputFilterByType DEFLATE text/xml application/xml application/xhtml+xml application/xml-dtd
AddOutputFilterByType DEFLATE application/rdf+xml application/rss+xml application/atom+xml image/svg+xml
AddOutputFilterByType DEFLATE text/css text/javascript application/javascript application/x-javascript
AddOutputFilterByType DEFLATE font/truetype application/x-font-ttf font/opentype application/x-font-otf
</IfModule>
</IfModule>

# Website visitor internet browser should cache some website elements to prevent re-downloading from server
# 1 YEAR
<FilesMatch "\.(flv|ico|pdf|ttf|avi|mov|ppt|doc|mp3|wmv|wav)$">
Header set Cache-Control "max-age=31536000, public"
</FilesMatch>
# 1 WEEK
<FilesMatch "\.(jpg|jpeg|png|gif|swf|js|css)$">
Header set Cache-Control "max-age=604800, public"
</FilesMatch>
# 3 HOUR
<FilesMatch "\.(txt|xml)$">
Header set Cache-Control "max-age=10800"
</FilesMatch>
# 5 MINUTES
<FilesMatch "\.(html|htm)$">
Header set Cache-Control "max-age=300"
</FilesMatch>
# NEVER CACHE - notice the extra directives
<FilesMatch "\.(php|cgi|pl)$">
Header set Cache-Control "max-age=0, private, no-store, no-cache, must-revalidate"
</FilesMatch>

ErrorDocument 400 "400, Bad request"
ErrorDocument 401 "401, Unauthorized"
ErrorDocument 403 "403, Forbidden"
ErrorDocument 404 "404, Not found"
ErrorDocument 406 "406, Not acceptable"
ErrorDocument 500 "500, Internal server error"

<Directory "/">
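# every option carries a + or - prefix; Apache does not accept a mix of prefixed and bare options
Options -ExecCGI -FollowSymLinks +Includes +IncludesNOEXEC +Indexes -MultiViews +SymLinksIfOwnerMatch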
AllowOverride All
</Directory>

<Directory "/usr/local/apache/htdocs">
Options +IncludesNOEXEC +Indexes -FollowSymLinks +SymLinksIfOwnerMatch -ExecCGI
AllowOverride None
Order allow,deny
Allow from all
</Directory>

# causing error 500 in Joomla site (superko)
#<Directory "/home">
#Options All -ExecCGI -FollowSymLinks -Includes -IncludesNOEXEC -MultiViews #+SymLinksIfOwnerMatch
#AllowOverride AuthConfig Indexes Limit Fileinfo
#</Directory>

# allow php files to be handled by php only, so they are not readable as txt etc.
# the pattern below matches: .php, .php2, .php3, .php4, .php5, .php6, .phtml
<FilesMatch "\.ph(p[2-6]?|tml)$">
SetHandler application/x-httpd-php5
</FilesMatch>

Then it will be applied and apache restarted. (Directory * codes should prevent some symlinking and executing cgi, security measure)
Note: in above mentioned code, there is a directive:

<Directory "/">
Options -ExecCGI -FollowSymLinks +Includes +IncludesNOEXEC +Indexes -MultiViews +SymLinksIfOwnerMatch
AllowOverride All
</Directory>
Maybe I can better protect the server if I disable symlinks also in subdirectories, for example by duplicating the above directive and applying it also to subdirectories by using Directory "/*" instead of Directory "/". Anyway, below in this tutorial I add the symlink() PHP function to disable_functions, so the above mentioned directives regarding symlinks may be obsolete thanks to that.

MYSQL

After WHM was installed on my CentOS Linux server, basic MySQL values were missing in the /etc/my.cnf file (the MySQL configuration file). Because of this, I think many MySQL requests were saved to disk instead of into memory, which is faster. On my server with 4GB RAM+, around 50 websites are hosted, and these are the values I set and found quite good:



max_connections=100
max_user_connections=15

thread_cache_size=8
innodb_buffer_pool_size=400M
join_buffer_size=4M
query_cache_size=256M
query_cache_limit=128M
table_open_cache=512
tmp_table_size=512M
max_heap_table_size=512M

CSF Firewall

Install ipset (https://internetlifeforum.com/security-protection/8900-tutorial-how-install-use-ipset/) for much more effective blocking than just iptables:
yum install epel-release
yum install ipset

It's critically important to have a firewall like CSF installed on a WHM hosting server. CSF (Config Server Firewall) is very handy and integrated into WHM.
http://configserver.com/cp/csf.html (Install & Readme links on the bottom of the page)
Follow above mentioned manual, Installation page to install CSF from linux terminal (SSH).
- test installation by running from terminal /etc/csf/csftest.pl (if you get errors try reading this page (http://internetlifeforum.com/security-protection/1711-csftest-pl-failed-%5Bfatal-error-iptables-unknown-error-required-csf-funct/)) continue with firewall only if you manage to fix fatal errors.

Then open a new WHM page (https://yourserverip:2087/) and refresh/reload it. At the bottom of the side menu there is the Plugins section, and inside it is the menu entry "ConfigServer Security & Firewall". Click it.

There "Quickly allow" and "Ignore" your home/office computer IP address (www.myip.ms (http://www.myip.ms/)) to prevent it being blocked.
Then go to (Home » Networking Setup » Resolver Configuration). Then hit the "Check Server Security" button in the CSF section. Fix issues according to the advice.
Then these are my customized CSF values, which I found quite good ("Firewall Configuration" button):
TCP_IN = "20,21,25,53,80,110,143,443,465,587,953,987,993,995,2077,2078,2082,2083,2086,2087,2095,2096,11211,30000:35000,8081"
TCP_OUT = "20,21,25,37,43,53,80,110,113,443,465,587,873,953,987,2086,2087,2089,2703,8081,11211"
UDP_IN = "20,21,53,953"
UDP_OUT = "20,21,53,113,123,873,953,6277"
CONNLIMIT = 21;20,22;1,25;50,80;4,110;12,143;5,443;4,465;50,587;50,783;20,993;5,995;12,3306;25 - 4 concurrent new connections for one IP may be too low if Apache has Keep Alive Off?
PORTFLOOD = 22;tcp;2;300,80;tcp;20;5,110;tcp;20;2,143;tcp;20;5,443;tcp;20;5,993;tcp;20;2,995;tcp;20;2
UDPFLOOD = 1
LF_IPSET = 1 - leave it at 0 in case yum install ipset failed/ipset is not working (ipset version)
LF_EMAIL_ALERT = 0 - dont want to be flooded by blocked IP emails, can read logs in CSF from time to time
LF_SSHD_PERM = 3600
LF_FTPD_PERM = 3600
LF_SMTPAUTH_PERM = 3600
LF_CPANEL_PERM = 3600
LF_APACHE_404 = "350" (it may block googlebot maybe if it visits not found page too many times)
LF_APACHE_403 = "200"
LF_BIND = 100 (i had 60)
LF_BIND_PERM = 3600 (i had 7200)
LF_SCRIPT_ALERT = 1 - alert if an script sending bulk mail
LF_INTEGRITY = 0
LT_POP3D = 120
LT_IMAPD = 120
SMTP_BLOCK = 1
CT_LIMIT = 150 - i think important settings
CT_BLOCK_TIME = 1000
PT_ALL_USERS = 1 - low importance
PT_DELETED = 0
PT_USERMEM = 320 - send email alert if user script exceeds this memory usage
PT_USERTIME = 120 - send email alert if user script exceeds this time usage
PT_USERKILL = 1 - processes detected by PT_USERMEM, PT_USERTIME or PT_USERPROC are killed
PT_LOAD_LEVEL = 20 - only alert email when server load is very high 20.00
PT_FORKBOMB = 350 - 350 same processes is too much
PS_EMAIL_ALERT = 0 - dont want to receive too much emails of blocked IPs due to port scan
RT_RELAY_LIMIT = 200
RT_RELAY_BLOCK = 3600
RT_AUTHRELAY_BLOCK = 3600
SYSLOG_CHECK = 300 - ???
LOGSCANNER = 0
PT_USERPROC = 20
PT_USERKILL_ALERT = 0 (dont let me know once processes are killed because of high count or high ram/runtime)
SMTP_PORTS = "25,465,587"
SMTP_ALLOWUSER = "cpanel,usernameone,usernametwo"

Then I chose to ignore the following processes so they are not tracked/killed by CSF. Add them to /etc/csf/csf.pignore


exe:/usr/local/cpanel/bin/autossl_check
user:munin
exe:/usr/libexec/postfix/.*
exe:/bin/tar
pcmd:/usr/bin/php /home/someuser/addon/domain.com/index.php
exe:/usr/local/cpanel/3rdparty/bin/freshclam
pcmd:/usr/bin/wget -O /dev/null https://fixhash.com/cron.php.*
pcmd:/usr/bin/php /home/.*./public_html/cron.php
pcmd:/usr/bin/php /home/.*./public_html/wp-cron.php
pcmd:/usr/bin/php /home/.*./public_html/.*./wp-cron.php
pcmd:pkgacct.*
cmd:/bin/sh ./mysqloptimizer
exe:/etc/cron.monthly/mysqloptimizer
exe:/usr/local/sbin/nginx
exe:/usr/local/cpanel/3rdparty/bin/english/webalizer
exe:/usr/lib/courier-imap/bin/pop3d
exe:/usr/lib/courier-imap/bin/imapd
exe:/usr/sbin/pure-ftpd
exe:/usr/local/cpanel/cpsrvd
exe:/usr/local/cpanel/3rdparty/bin/imapd
exe:/usr/local/apache/bin/httpd
exe:/usr/local/cpanel/bin/cppop
exe:/usr/sbin/sshd
exe:/usr/sbin/proftpd
exe:/usr/local/cpanel/3rdparty/bin/php
exe:/usr/local/cpanel/3rdparty/bin/analog
exe:/usr/local/urchin/bin/urchinwebd
exe:/usr/local/cpanel/cpsrvd-ssl
exe:/usr/bin/spamc
exe:/usr/local/cpanel/bin/cppop-ssl
exe:/usr/local/cpanel/bin/logrunner
exe:/usr/local/cpanel/cpdavd
exe:/usr/local/cpanel/bin/cpwrap
exe:/usr/libexec/gam_server
exe:/usr/sbin/named
exe:/usr/sbin/exim
exe:/usr/sbin/mysqld
exe:/usr/sbin/mysqld_safe
exe:/usr/libexec/hald-addon-acpi
exe:/usr/sbin/hald
exe:/bin/dbus-daemon
exe:/usr/bin/dbus-daemon-1
exe:/usr/libexec/hald-addon-keyboard
exe:/usr/libexec/dovecot/imap
exe:/usr/libexec/dovecot/pop3
exe:/usr/sbin/nsd
exe:/usr/libexec/dovecot/pop3-login
exe:/usr/libexec/dovecot/imap-login
exe:/var/cpanel/3rdparty/bin/php
exe:/usr/bin/postgres
exe:/usr/sbin/ntpd
exe:/sbin/ntpd
exe:/usr/local/cpanel/3rdparty/sbin/mydns
exe:/usr/local/cpanel/3rdparty/bin/webalizer_lang/english
exe:/usr/local/cpanel/3rdparty/perl/514/bin/spamd
exe:/usr/local/cpanel/bin/cpuwatch
exe:/usr/local/libexec/dovecot/pop3
exe:/usr/local/libexec/dovecot/pop3-login
exe:/usr/local/libexec/dovecot/imap
exe:/usr/local/libexec/dovecot/imap-login
exe:/usr/libexec/dovecot/anvil
exe:/usr/libexec/dovecot/auth
exe:/usr/libexec/dovecot/dict
exe:/usr/libexec/mysqld
exe:/usr/bin/memcached
user:mailnull

# Some additional entries that you might want to ignore on cPanel servers.
# However, be aware of the security implications under "Process Tracking" in
# the csf readme.txt when using these:
#
cmd:spamd child
pcmd:/usr/local/cpanel/3rdparty/bin/python /usr/local/cpanel/3rdparty/mailman/bin/qrunner.*
pcmd:/usr/local/cpanel/3rdparty/bin/python /usr/local/cpanel/3rdparty/mailman/bin/mailmanctl.*
pcmd:/usr/bin/perl /usr/local/cpanel/3rdparty/bin/awstats\.pl.*
pcmd:/usr/bin/perl /usr/local/cpanel/base/awstats\.pl.*
pcmd:cpanellogd - (http|ftp) logs for .*
pcmd:cpanellogd - archiving logs for *
pcmd:/usr/local/cpanel/3rdparty/share/munin/munin-update
#cmd:MailWatch SQL
#pcmd:MailScanner:.*
exe:/usr/lib/polkit-1/polkitd
exe:/usr/sbin/chronyd
#cmd:/bin/sh /usr/bin/mysqld_safe
exe:/usr/local/cpanel/3rdparty/sbin/p0f
exe:/usr/local/cpanel/cpanel
exe:/usr/sbin/nscd
exe:/usr/local/cpanel/bin/pkgacct
exe:/usr/sbin/httpd
exe:/usr/bin/dbus-daemon
exe:/usr/local/cpanel/3rdparty/php/54/sbin/php-fpm
exe:/usr/local/cpanel/3rdparty/php/56/sbin/php-fpm
exe:/usr/local/cpanel/3rdparty/php/54/bin/php-cgi
exe:/usr/local/cpanel/3rdparty/php/56/bin/php-cgi
exe:/usr/libexec/dovecot/lmtp
exe:/usr/libexec/dovecot/stats
exe:/usr/libexec/dovecot/quota-status


Also I added the Google IP range (74.125.0.0/16) to the ignore list, as their IPs were triggering the firewall LF_BIND rule.
One should regularly watch server log files (WHM/Plugins/ConfigServerFirewall/Watch system logs) to prevent blocking unwanted IPs (check IP details by putting it into www.myip.ms (http://www.myip.ms/))

CSF can be set to block IPs listed on external IP lists. Configure these lists by clicking the "lfd Blocklists" button or by editing the file /etc/csf/csf.blocklists
I came to the decision to use only these lists:
SPAMDROP|86400|0|http://www.spamhaus.org/drop/drop.lasso
SPAMEDROP|86400|0|http://www.spamhaus.org/drop/edrop.lasso
DSHIELD|86400|0|http://www.dshield.org/block.txt
BOGON|86400|0|http://www.cymru.com/Documents/bogon-bn-agg.txt
HONEYPOT|86400|0|http://www.projecthoneypot.org/list_of_ips.php?t=d&rss=1

Make sure that WHM is monitoring lfd service and keep it running at all times, here are details: http://internetlifeforum.com/control-panels/4603-how-monitor-lfd-service-whm-cpanel-runing-nonstop/

Hostname which resolves to IP

- What is your WHM server hostname? (WHM > Home > Networking Setup > Change Hostname) If it's like "something.yourhosting.com", make sure that you created an "A" record for it in the yourhosting.com DNS settings of your hosting account (cPanel/xxx DNS Zone editor), so your hostname is not non-existing, but really resolves to your server IP. This helps increase the chances that mails don't go to spam.

http://internetlifeforum.com/attachment.php?attachmentid=109&stc=1
- Also ask your server IP address provider to set up an rDNS (reverse DNS) entry for your IP (a PTR record). Ask them: Hello, please set up a PTR record to "my.hostname.tld" for my IP ****.

Also make sure hostname has signed SSL installed: https://internetlifeforum.com/control-panels/7864-how-change-whm-server-hostname-ssl-certificate/

Emails are sent from domain of the script

- Make sure all your hosted scripts like Wordpress, PHPBB, Drupal and others are sending emails from [email protected] ([email protected]), or else, if you tell scripts to send mail from addresses like [email protected], [email protected] etc., such emails can be marked as SPAM by Gmail etc.! The sender email address of the emails should always be one which is on the domain name where the mailing PHP script is hosted (so it looks like a legitimate email).

- Then enable so-called DKIM and SPF for all cPanel accounts to increase the chances your mail is not marked as SPAM: Home / Server Configuration / Tweak Settings - find "DKIM" and "SPF" and make them "On" by default

Other miscellaneous things

-1) install DDoS Deflate (http://internetlifeforum.com/security-protection/1132-how-install-ddos-deflate-mitigate-small-ddos-attack/) and then i whitelisted localhost IP and my own IP in it:
# cat "/usr/local/ddos/ignore.ip.list"
myiphere
127.0.0.1
someotheripidontwantblocked

0) If one is using an SSD in the server, one may consider enabling TRIM, disabling access time logging and minimizing Linux swapping (http://www.leaseweblabs.com/2013/07/5-crucial-optimizations-for-ssd-usage-in-ubuntu-linux/)

1) Install additional useful WHM software from ConfigServer: http://www.configserver.com/ Example: CXS or ConfigServer Mail Queues or ConfigServer Mail Manage or ConfigServer Explorer

2) Check that mod_userdir protection is enabled in WHM » Security Center » Apache Mod_userdir Tweak (important security feature)

3) Run WHM » Security Center » Security Advisor and follow the security advice

4) Set up a cronjob to automatically change the permission of the WordPress etc. database data files, with a command like: find /home -type f -iname "wp-config.php" -exec chmod 600 {} \; This can prevent a hacker on another shared cPanel account from reading the WordPress etc. database data of other users.

5) In WHM / Service Configuration / PHP Configuration / Advanced config, i have these globally disabled functions: disable_functions = "allow_url_fopen, allow_url_include, apache_child_terminate, apache_get_modules, apache_get_version, apache_getenv, apache_setenv, curl_multi_exec, diskfreespace, disk_free_space, disk_total_space, dl, enable_dl, escapeshellarg, escapeshellcmd, exec, filegetcontents, fsockopen, get_cfg_var, ignore_user_abort, link, passthru, pcntl_exec, pcntl_fork, pfsockopen, phpinfo, popen, posix_getlogin, posix_getpwuid, posix_kill, posix_mkfifo, posix_setpgid, posix_setuid, posix_ttyname, posix_uname, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, shell_exec, show_source, socket_listen, source, symlink, syslog, system, system_exec, xmlrpc_decode, xmlrpc_entity_decode"
If some account need one of these enabled, then after considering, i can allow it by adding something like:


[PATH=/home/clientaccountname/public_html]
disable_functions = "popen"
memory_limit = 128M
magic_quotes_gpc = Off

(so only that one function is disabled, rest enabled)

into global php.ini (discover path by command: php -i | grep php.ini)
The above code must be added to the last line of the global php.ini
Here is more about this task: http://internetlifeforum.com/mysql-apache-php/1921-tutorial-how-enale-php-function-like-exec-only-one-cpanel-account-whm/

6) install maldet (http://internetlifeforum.com/security-protection/2155-maldet-linux-malware-detector-how-install-use/) malware detector for regular scans & probably enable auto quarantine

7) monitor your IP block (IP subnet), or just the IP on which the websites are hosted, for new phishing/virus issues using http://support.clean-mx.de/clean-mx/portals.php?review=YOURIPHERE . Monitoring can be done by tools mentioned here (http://internetlifeforum.com/internet/792-how-monitor-some-website-changes-tool/); also the SPAM blacklists (http://internetlifeforum.com/general-webmaster-discussion/2168-ip-blacklist-monitoring-service/) can be monitored

8) hide BIND version number (http://internetlifeforum.com/security-protection/2358-found-bind-version-banner-%5Bname-4210%5D-http-cisofy-com-controls-name-4210-a/)

9) install & run rkhunter and lynis security auditing tools (try: yum install lynis rkhunter) (http://internetlifeforum.com/security-protection/3173-how-use-lynis-rkhunter-read-its-warnings-log/)

10) install mod_evasive (http://internetlifeforum.com/security-protection/1826-how-install-mod_evasive-anti-denial-service-apache-module-whm-server/)

11) Edit default page template, suspended page template in: WHM » Account Functions » Web Template Editor

Default Website Page template


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head>
<meta http-equiv="Content-type" content="text/html; charset=utf-8">
<title>Default Web Site Page</title>
</head>
<body>
<h1><span style="color:green;">Default Web Site Page</span></h1>
<p><strong>TIPS: If you are the web site owner, it is possible you have reached this page because:</strong></p>
<ul>
<li>The IP address has changed.</li>
<li>There has been a server misconfiguration.</li>
<li>The site may have been moved to a different server.</li>
</ul>
<p><strong>If you are the owner of this website and were not expecting to see this page, please contact your hosting provider InstantCpanelHosting.com thru client area and submit a ticket.</strong></p>
<p>It may be possible to restore access to this site by <a href="http://www.cpanel.net/docs/dnscache/cleardns.html" target="_blank">following these instructions</a> for clearing your dns cache.</p>


<h2><span style="color:green;">Advertisement:</span></h2>
<p>Join <a href="http://cashbb.com">Money Maker Forum</a><br />Join <a href="http://internetlifeforum.com">Webmaster &amp; Hosting Forum</a><br />Get <a href="http://instantcpanelhosting.com">$0.5 hosting or a server</a></p>

</body>
</html>


Account Suspended template:


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head>
<meta http-equiv="Content-type" content="text/html; charset=utf-8">
<title>Account Suspended</title>
</head>
<body>
<h1>Account Suspended</h1>
<div>
<div>
<p>This Account Has Been Suspended temporarily or permanently. But don't worry, this website can be put back online after contacting <a href="http://instantcpanelhosting.com">hosting provider</a> and solving issue with this website.</p>
<p>Possible reasons why you see this page: hosting invoice not paid, website violating terms of service, abuse.</p>
</div>
</div>
</body>
</html>


12. create files that will be added into each newly created cPanel hosting account. Meaning for example: "favicon.ico", "robots.txt", "index.html". This is a directory where to add files:


cd /root/cpanel3-skel/public_html;ls -l;

i created robots.txt with following command:


echo -e "User-agent: *\nCrawl-delay: 3\nDisallow: /cgi-bin/" > robots.txt

then i uploaded this favicon into same directory: http://internetlifeforum.com/files/favicon.ico
( http://internetlifeforum.com/files/favicon.ico )

13. Installing Varnish can speed up the server, but I was getting 403 errors on websites from time to time, so I disabled it! Installation: How to install Varnish on an WHM/cPanel server? (http://internetlifeforum.com/mysql-apache-php/2611-how-install-varnish-whm-cpanel-server/)

14. Install Nginx as an Apache frontend to speed up the whole webserver. It is super simple with NginxCP; here is how to install it: How to install / uninstall NginxCP on an WHM server (http://internetlifeforum.com/mysql-apache-php/2625-how-install-uninstall-nginxcp-whm-server/)

15. Install Mod Security according to manual: ModSecurity how to setup on WHM/cPanel server? (http://internetlifeforum.com/security-protection/1924-modsecurity-how-setup-whm-cpanel-server/)

16. Get alerted if mailqueue is too big and delete user emails if more than certain number: How to prevent exim mailqueue full? (http://internetlifeforum.com/reseller-hosting/2312-how-prevent-exim-mailqueue-full/)

17. check apache security settings by script from http://www.codeproject.com/Articles/42434/Webserver-Security-Check
Here is backup file: http://internetlifeforum.com/files/securitycheck.php_

18. Tweak apache configuration (WHM/Service configuration/Apache configuration) and set Timeout to like 60 to prevent long running scripts.

19. another Apache timeouting can be done by module reqtimeout, here is the tutorial (http://internetlifeforum.com/mysql-apache-php/3353-how-add-cutom-apache-modules-into-easyapache-whm-cpanel-server/)

20. make sure tmpwatch is installed (# yum install tmpwatch) and cleaning /tmp partition, make sure this is in crontab (# crontab -e):
*/20 * * * * tmpwatch --mtime --all 336 /tmp/eaccelerator >/dev/null
0 * * * * /usr/sbin/tmpwatch --mtime --all 24 /tmp # deleting 24 hours older /tmp files

21. after accessing http://your.whmserver.hostname/ , if there is an error 500, you can try adding following to the WHM/Service Configuration/Apache Configuration/Include Editor/Pre VirtualHost Include

<VirtualHost YourWHMServerIPHere:80>
ServerName YourWHMServerIPHere
DocumentRoot /home/YourcPanelUsernameHere/public_html/SomeDir
DirectoryIndex index.php
ServerAdmin [email protected]

<IfModule suphp_module>
suPHP_UserGroup YourcPanelUsernameHere YourcPanelUsernameHere
</IfModule>

</VirtualHost>
This will redirect all hostname/IP visitors to some webpage (php file) instead of error 500. Edit underlined text

21. to allow people adding addon domain even these are not registered or pointing to different server, edit /var/cpanel/cpanel.config and set allowunregistereddomains to "1"

22. disable execution of the malicious scripts in tmp directories: https://internetlifeforum.com/linux-forums/8776-how-make-tmp-var-tmp-dev-shm-noexec-nosuid-even-openvz/

----
Regular security scans:


find /home*/*/public_html -type l
(finds symlinks in user accounts, which can be a security issue (google: whm symlink race protection))


find . -type f -newermt 2007-06-07 ! -newermt 2007-06-08

finds files modified in a certain date period in the past (can be handy if there was some injection or security issue and the hacker might have inserted malicious scripts in several places)


find /home -type f -name "wp-config.php" -exec chmod 600 '{}' \;
find /home -type f -name "config.php" -exec chmod 600 '{}' \;

above 2 commands change permission of wp-config.php and config.php files (usually used for storing mysql database login credentials) in all cpanel accounts so they cant be read by other scripts on server probably (security measure).



----
Transfer of existing cPanel accounts to a WHM server? This tutorial can come in handy (http://internetlifeforum.com/reseller-hosting/1827-how-transfer-shared-reseller-cpanel-account-cpanel-dedicated-server/) if you need to transfer existing cPanel accounts to a new server.
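
A check for the TCP_IN / UDP_IN lists from the CSF Firewall section, as an added example that is not part of the original post: it reports inbound ports that belong to services normally reached only from the server itself. The INTERNAL_PORTS list and all function names are assumptions of this example; the sample values are the ones posted above.

```sh
#!/bin/sh
# Added example, not part of the original post.
# Flags ports in a CSF TCP_IN/UDP_IN list that belong to services which are
# normally reached only from the server itself.

# Assumption of this example: these ports are treated as internal-only.
#   953 = BIND rndc control channel, 3306 = MySQL, 11211 = memcached
INTERNAL_PORTS="953 3306 11211"

# port_in_spec PORT SPEC
# Succeeds when PORT is covered by SPEC, a CSF-style comma-separated list of
# single ports and low:high ranges.
port_in_spec() {
    pis_port=$1
    pis_ifs=$IFS
    IFS=,
    for pis_item in $2; do
        case $pis_item in
            *:*)
                if [ "$pis_port" -ge "${pis_item%%:*}" ] &&
                   [ "$pis_port" -le "${pis_item##*:}" ]; then
                    IFS=$pis_ifs; return 0
                fi ;;
            "$pis_port")
                IFS=$pis_ifs; return 0 ;;
        esac
    done
    IFS=$pis_ifs
    return 1
}

# read_port_list FILE KEY
# Prints the quoted value of KEY (e.g. TCP_IN) from a csf.conf-style file,
# with any stray spaces removed.
read_port_list() {
    grep -E "^$2[[:space:]]*=" "$1" | head -n 1 | cut -d'"' -f2 | tr -d ' '
}

# exposed_internal_ports FILE KEY
# Prints, space separated, the INTERNAL_PORTS that KEY opens.
exposed_internal_ports() {
    eip_spec=$(read_port_list "$1" "$2")
    eip_found=""
    for eip_p in $INTERNAL_PORTS; do
        if port_in_spec "$eip_p" "$eip_spec"; then
            eip_found="$eip_found $eip_p"
        fi
    done
    echo "${eip_found# }"
}

# write_sample_conf FILE
# Writes a two-line sample holding the TCP_IN and UDP_IN values from the post.
write_sample_conf() {
    cat > "$1" <<'EOF'
TCP_IN = "20,21,25,53,80,110,143,443,465,587,953,987,993,995,2077,2078,2082,2083,2086,2087,2095,2096,11211,30000:35000,8081"
UDP_IN = "20,21,53,953"
EOF
}

# Demo: report what the sample opens to the outside.
demo_conf=$(mktemp)
write_sample_conf "$demo_conf"
for key in TCP_IN UDP_IN; do
    echo "$key opens internal-only ports: $(exposed_internal_ports "$demo_conf" "$key")"
done
rm -f "$demo_conf"
```

On a real server, pass /etc/csf/csf.conf as FILE; a port that is reported can be removed from the list if nothing outside the server needs to reach that service.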
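
The two checks from "Regular security scans" (symlinks in public_html, and the wp-config.php / config.php permissions), narrowed to what needs attention, as an added example that is not part of the original post. It assumes GNU find and readlink and one directory per account under the base path; the function names and the demo tree are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of the original post. Requires GNU find/readlink.

# symlinks_leaving_home BASE
# For each account directory BASE/<user>, prints "link -> target" for every
# symlink under public_html whose resolved target is outside BASE/<user>
# (or cannot be resolved at all).
symlinks_leaving_home() {
    slh_base=$(readlink -f "$1")
    for slh_home in "$slh_base"/*/; do
        slh_home=${slh_home%/}
        [ -d "$slh_home/public_html" ] || continue
        find "$slh_home/public_html" -type l | while IFS= read -r slh_link; do
            slh_target=$(readlink -f "$slh_link" 2>/dev/null) || slh_target=""
            case $slh_target in
                "$slh_home"/*) ;;   # stays inside the same account
                *) printf '%s -> %s\n' "$slh_link" "${slh_target:-unresolvable}" ;;
            esac
        done
    done
}

# readable_db_configs BASE
# Prints wp-config.php / config.php files that group or others can read,
# i.e. the files the chmod 600 commands in the post would change.
readable_db_configs() {
    find "$1" -type f \( -name wp-config.php -o -name config.php \) -perm /044
}

# build_demo_tree DIR
# Creates a constructed two-account layout for trying the functions above.
build_demo_tree() {
    mkdir -p "$1/alice/public_html" "$1/bob/public_html"
    echo "db password" > "$1/bob/public_html/wp-config.php"
    chmod 644 "$1/bob/public_html/wp-config.php"
    echo "db password" > "$1/alice/public_html/wp-config.php"
    chmod 600 "$1/alice/public_html/wp-config.php"
    echo "notes" > "$1/alice/notes.txt"
    # points inside alice's own home: not reported
    ln -s ../notes.txt "$1/alice/public_html/notes"
    # points into bob's account: reported
    ln -s ../../bob/public_html/wp-config.php "$1/alice/public_html/peek.txt"
}

# Demo on the constructed tree.
demo_dir=$(mktemp -d)
build_demo_tree "$demo_dir"
echo "Symlinks leaving their account:"
symlinks_leaving_home "$demo_dir"
echo "Credential files readable by group/other:"
readable_db_configs "$demo_dir"
rm -rf "$demo_dir"
```

On the server, call both functions with /home as BASE; each reported symlink deserves a look at who created it and what it points to.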