Opting for a cloud server versus a cPanel-managed VPS means greater control over your Linux operating system (OS). While you can modify Cloud Server DNS records in Account Management Panel (AMP), it’s your responsibility to implement further security measures. While cPanel administrators use Web Host Manager (WHM) features to harden servers, you’ll need to decide what to install to suit your needs.
This starts with ensuring you select the right server OS for your needs.
- Are you used to managing cPanel with RPMs and CentOS commands? Maybe stick with CentOS.
- Do you need the latest features and software versions – stable or not? Check out Ubuntu.
- Do you prioritize stability and minimalism? Try Debian.
Configure a Firewall
Some OSs don’t include a preinstalled firewall application. Check whether UncomplicatedFirewall (UFW) or Firewalld is installed. If not, install one of them, or ConfigServer Security & Firewall (CSF), and only open the ports you need.
Whether you’re running Apache or Nginx, install ModSecurity for additional signature-based protection.
If you have a complex server environment requiring many open ports, consider using Nmap to audit your setup.
While configuring your firewall, consider changing your default SSH port from 22 to protect against brute force SSH login attacks. Also, create a regular user account so that you’re not using root access unless needed. In many cases, it’s better to use the normal user account and sudo when administrator privileges are required. This makes access log auditing easier by minimizing the expected activity for the root user account.
Install an SSL Certificate
cPanel servers rely on AutoSSL to maintain Comodo-signed, domain-validated (DV) SSL certificates. Without server management software, you’ll need to manage SSL certificates manually or with external tools. There are many websites that will create an SSL certificate for you (e.g. SSLforFree.com), but we cannot speak for their reputation. We recommend installing Certbot to issue certificates and automate their renewal. Then ensure all traffic is forced to port 443 (HTTPS).
Security HTTP Headers and Subresource Integrity (SRI)
Security HTTP headers and SRI work alongside your SSL certificate to protect your visitors’ privacy and defend against cross-site scripting (XSS). Start with Strict-Transport-Security (HSTS) to enforce SSL usage within browsers and Referrer-Policy to limit the referrer data that reaches analytics software. Then slowly work on Content-Security-Policy (CSP).
Submitting your website for preloading at Hstspreload.org isn’t required, and it isn’t recommended for websites that aren’t proactively maintained. It’s still a good practice to use the web application to check your HSTS header.
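The following is an added example, not part of the original article: a Python sketch that audits a set of response headers for the items named above (HSTS, Referrer-Policy, CSP) and builds an SRI integrity value for a script or stylesheet. The function names and sample headers are assumptions constructed for illustration.

```python
import base64
import hashlib

MIN_PRELOAD_MAX_AGE = 31536000  # one year, the minimum the preload list accepts


def parse_hsts(value):
    """Parse a Strict-Transport-Security value into {directive: value-or-True}."""
    directives = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = arg.strip().strip('"') or True
    return directives


def audit_headers(headers):
    """Return findings for the headers this article recommends."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    hsts = parse_hsts(h.get("strict-transport-security", ""))
    max_age = hsts.get("max-age")
    if not (isinstance(max_age, str) and max_age.isdigit()):
        findings.append("HSTS: missing or invalid max-age")
    elif int(max_age) == 0:
        findings.append("HSTS: max-age=0 tells browsers to forget the policy")
    elif "preload" in hsts and (
        int(max_age) < MIN_PRELOAD_MAX_AGE or "includesubdomains" not in hsts
    ):
        findings.append("HSTS: preload set but header does not meet preload requirements")
    if "referrer-policy" not in h:
        findings.append("Referrer-Policy: not set")
    if "content-security-policy" not in h:
        findings.append("Content-Security-Policy: not set")
    return findings


def sri_value(content, algorithm="sha384"):
    """Build the integrity attribute value for a script or stylesheet body."""
    digest = hashlib.new(algorithm, content).digest()
    return f"{algorithm}-{base64.b64encode(digest).decode()}"


# Constructed sample response headers (not captured from a real site).
SAMPLE = {
    "Strict-Transport-Security": "max-age=86400; preload",
    "Referrer-Policy": "strict-origin-when-cross-origin",
}

if __name__ == "__main__":
    print("\n".join(audit_headers(SAMPLE)))
    print(sri_value(b"console.log('hello');\n"))
```

The value returned by `sri_value` goes in the `integrity` attribute of the `<script>` or `<link>` tag that loads the file, and must be regenerated whenever the file changes.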
You can maintain server snapshots in AMP. However, you cannot restore individual files from a snapshot. Therefore, create and verify server backups at least monthly. We’ve covered how to create backups using the tar and zip commands. If you use Webmin, Vesta Control Panel, or another server management suite, learn how to create, verify, and download server backups manually and automatically. The redundancy ensures you always have a way to create and restore backups.
Cloud Server Updates
Ensure all installed software is updated. If any software you use can’t alert you of available updates via email or log entry, follow the developer’s official social media account(s) or RSS feed. If you need assistance with upgrading your server OS, contact Managed Hosting.
Do your authoritative nameservers and your domain’s top-level domain (TLD) support DNSSEC? InMotion Hosting nameservers and a long list of popular TLDs support DNSSEC, including .com, .net, and .org. Contact your domain registrar for more information.
Consider an Anti-Virus Scanner
Does your web application allow users to upload files? If so, you should have an AV scanner check those files for malware signatures upon upload and periodically afterwards as changes occur. We recommend ClamAV or ImunifyAV FREE.
I recommend starting with cybersecurity awareness training from DoD Cyber Exchange.
Managed Hosting specializes in custom server-level configurations and optimizations. Ask Live Support about Launch Assist to help you get started and your allotted Managed Hosting time.