bspacer1 bspacer2
webmail hosting forum clients about

Computer Co-op, CornerNET Internet Gateway, and PJR Solutions is owned by PJR Sales & Service. Quality products and online services since 1991. We can be your
Complete Computer Connection

Hosting @ $5.95

Domains @ $16.98
Home PagePortal HomeClient AreaAnnouncementsKnowledgebaseSupport TicketsDownloadsRegister

Knowledgebase
You are here: Portal Home > Knowledgebase > cPanel Related Issues > cPanel common questions and problems > Basic security guidelines for the shared hosting server

Basic security guidelines for the shared hosting server

Make sure your local computer is safe. Use reliable updated antivirus software.

Check whether all of your web applications are up-to-date. This includes any modules, components and addons you have added and / or integrated;

Pick up strong passwords for the main cPanel account, MySQL, FTP and mail users. Never use the same passwords for different users. For example a MySQL user should not have the same password as your cPanel user or an FTPuser. It is essential that your cPanel user's password is not found in any file on your account by any means;

Avoid having directories with permissions above 755. If your applications require such directories, try to put them outside your webroot (public_html) or place a .htaccess file in them containing "deny from all" to restrict public access to these files.

Use only secure / encrypted connections when logging in cPanel (http://yourdomain.com:2083).

Configure your site to use the latest PHP 5.2 by adding the following line to your .htaccess file:

AddHandler application/x-httpd-php52 .php .php3 .php4 .php5 .phtml

PHP 5.2 has an improved handling of remote code which reduces greatly security problems.

Tweak your local PHP settings for better security. This can be done by disabling unnecessary functions and options. Here are some sample recommended directives:

allow_url_fopen=off

disable_functions = proc_open , popen, disk_free_space, set_time_limit, leak, tmpfile, exec, system, shell_exec, passthru


Note that the above directives can cripple your code's functionality. They have to be pasted in a php.ini file in each directory you'd like to have them applied.

Deny perl and other bots from accessing your site. This can be easily done with the following rules in your .htaccess:

SetEnvIfNoCase User-Agent libwww-perl bad_bots
order deny,allow
deny from env=bad_bots


If you are not using Perl scripts, add a bogus handler for these files. In your home directory create a .htaccess file with the following content:

##Deny access to all CGI, Perl, Python and text files

Deny from all

##If you are using a robots.txt file, please remove the
# sign from the following 3 lines to allow access only to the robots.txt file:
#
#Allow from all
#


The above will prevent Perl scripts to be executed. Many exploits / backdoors are writtent in Perl and the above will prevent them from running. This directive will apply to all your subdirectories.


IMPORTANT: Once your account has been compromised, it is very likely that the intruder will leave a backdoor to easily gain access later. That's why only fixing your vulnerable code might not be enough. Finding the backdoors will be time-consuming and expensive (requiring a professional developer). That's why you might prefer to start from scratch your site.



Was this answer helpful?

Add to Favourites
Print this Article

Also Read
PHP and HTML redirects (Views: 8479)
When I select Site Software from cPanel I get a message that says "No cPAddons configuration found. Please contact your host and ask that they configure cPAddons." (Views: 11692)
I am having problems with my cronjob and/or it is not working (Views: 3789)
My redirection set from cPanel shows an error (Views: 1926)
Can I have more than one login for my cPanel? (Views: 2962)

Powered by WHMCompleteSolution


Copyright © 1994-2021 PJR Sales and Service All Rights Reserved