• GoDaddy Community
  • VPS & Dedicated Servers
  • VPS & Dedicated Servers

    cancel
    Showing results for 
    Show  only  | Search instead for 
    Did you mean: 
    Go to solution
    Highlighted

    Securing WHM (Web Host Manager)

    Can someone help me understand how to better secure my server? I noticed an unauthorised access, I changed my password and even enable questions to be asked before anyone can log in yet, someone was able to log on to my server and created an account on it.

     

    Can anyone please point some tips to me to help me prevent such access

    1 ACCEPTED SOLUTION

    Accepted Solutions
    Highlighted
    Super User I Super User I
    Super User I
    Solution

    Re: Securing WHM

    I'm sure that I'm not the only one to tell you this but:

    • Move SSH access to a different port
    • Use a separate /tmp partition
    • Disable all services and daemons that you do not use
    • Enable a firewall
    • Stay up-to-date on your version
    • Monitor your system (seems like you are doing that)
    • Disable compilers for all users who are not in the compilers group
    • Secure your Apache installation
    • Increase your password required strength
    • Disable anonymous FTP access

    I don't know your exact environment but those are some generic tips. Maybe you can install a rootkit hunter if it's really bad? Some of the things above ar one click solutions that can really help with little effort or changes on your part. Hope that helps.

    ...turns out that my two cents is worth less or more depending on the current exchange rate.

    roy darling *my posts seem a lot shorter in my head

    View solution in original post

    1 REPLY 1
    Highlighted
    Super User I Super User I
    Super User I
    Solution

    Re: Securing WHM

    I'm sure that I'm not the only one to tell you this but:

    • Move SSH access to a different port
    • Use a separate /tmp partition
    • Disable all services and daemons that you do not use
    • Enable a firewall
    • Stay up-to-date on your version
    • Monitor your system (seems like you are doing that)
    • Disable compilers for all users who are not in the compilers group
    • Secure your Apache installation
    • Increase your password required strength
    • Disable anonymous FTP access

    I don't know your exact environment but those are some generic tips. Maybe you can install a rootkit hunter if it's really bad? Some of the things above ar one click solutions that can really help with little effort or changes on your part. Hope that helps.

    ...turns out that my two cents is worth less or more depending on the current exchange rate.

    roy darling *my posts seem a lot shorter in my head

    View solution in original post