When first installing cPanel, many users are simply overwhelmed by the number of options that WHM presents to the server administrator. Here are some options and packages that (in our opinion) you should change or install as soon as you install it.
The CSF firewall is a one-stop shop for preventing the worst brute-force attacks your server will see; it protects multiple services on a cPanel server.
Tweak Settings can be found near the top of the left-hand menu in WHM.
Turn OFF “BoxTrapper Spam Trap”. This option sounds good in theory, but will usually end up with you being listed on various mail block lists.
Setting “Max hourly emails per domain” to something like 5000 will at least limit the amount of spam that a single user can send.
Apache Configuration > Global Configuration
Disable “Trace”. It’s a little-used feature that can give an adversary more information about your server.
Set “Server Signature” to Off to hide some version information on error pages.
Set “Server Tokens” to “Product Only” to easily hide as much information about your server setup as possible.
Exim Configuration Manager > Advanced Editor
Make sure the following is set for log_selector. This gives you more data to track spammers using your server:
log_selector = +arguments +subject +received_recipients
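How the extra log fields help in practice, as an added example that is not part of the original article: the Python below reads Exim arrival ("<=") lines, uses the T="..." subject that +subject adds and the "for ..." list that +received_recipients adds, and totals recipients per sender domain per hour. The log lines are constructed samples, the function names are hypothetical, and grouping by the envelope sender's domain is an assumption.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in Exim mainlog style; IDs, hosts and addresses are made up.
SAMPLE_LOG = """\
2024-05-01 10:02:11 1s1AAA-0001aB-1C <= bob@shop.example U=bob P=local S=812 T="Order update" for alice@customer.example
2024-05-01 10:05:40 1s1AAB-0001aC-2D <= info@blog.example H=localhost [127.0.0.1] P=esmtpa A=dovecot_login:info@blog.example S=2301 T="You won a prize" for a@victim.example b@victim.example c@victim.example
2024-05-01 10:05:41 1s1AAB-0001aC-2D => a@victim.example R=dkim_lookuphost T=dkim_remote_smtp H=mx.victim.example [192.0.2.10]
2024-05-01 10:06:02 1s1AAC-0001aD-3E <= info@blog.example U=blog P=local S=2290 T="You won a prize" for d@victim.example e@victim.example
2024-05-01 10:07:30 1s1AAD-0001aE-4F <= <> R=1s1AAB-0001aC-2D U=mailnull P=local S=1500 T="Mail delivery failed: returning message to sender" for info@blog.example
2024-05-01 11:15:00 1s1AAE-0001aF-5G <= info@blog.example U=blog P=local S=940 T="Newsletter for May" for x@reader.example
"""

ARRIVAL = re.compile(r'^(\d{4}-\d{2}-\d{2} \d{2}):\d{2}:\d{2} \S+ <= (\S+)(.*)$')
SUBJECT = re.compile(r' T="((?:[^"\\]|\\.)*)"')  # present because of +subject
RCPTS = re.compile(r' for (.+)$')                # present because of +received_recipients

def hourly_volume(log_text):
    """Return {(sender_domain, 'YYYY-MM-DD HH'): {'rcpts': int, 'subjects': Counter}}."""
    buckets = defaultdict(lambda: {"rcpts": 0, "subjects": Counter()})
    for line in log_text.splitlines():
        m = ARRIVAL.match(line)
        if not m:
            continue  # deliveries (=>), completions and errors are not counted
        hour, sender, rest = m.groups()
        if "@" not in sender:
            continue  # bounces arrive with the null sender "<>"
        subj = SUBJECT.search(rest)
        tail = rest[subj.end():] if subj else rest  # ignore " for " inside the subject
        rcpts = RCPTS.search(tail)
        n = len(rcpts.group(1).split()) if rcpts else 1
        b = buckets[(sender.rsplit("@", 1)[1].lower(), hour)]
        b["rcpts"] += n
        b["subjects"][subj.group(1) if subj else ""] += n
    return buckets

def over_limit(log_text, limit):
    """List (domain, hour, recipients, most common subject) for buckets above limit."""
    out = []
    for (domain, hour), b in sorted(hourly_volume(log_text).items()):
        if b["rcpts"] > limit:
            out.append((domain, hour, b["rcpts"], b["subjects"].most_common(1)[0][0]))
    return out

if __name__ == "__main__":
    for row in over_limit(SAMPLE_LOG, limit=4):  # tiny limit so the sample triggers
        print(row)
```

On a real server, pass the contents of the Exim main log and a limit close to the “Max hourly emails per domain” value you chose; the most common subject in a flagged bucket usually tells you quickly whether the burst is a newsletter or spam.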
As a starting point we would recommend the “CloudLinux + All PHP options + OpCache +mod_lsapi” profile if you’re using CloudLinux, or “All PHP options + OpCache” if you’re using a CentOS install. These are both great baselines that should support most things your customers need.
There are a vast number of addons you can get for your cPanel server; however, there are some key ones you might want to consider depending on your use case.
CloudLinux is an alternative Linux distribution that is fully focussed on the security of shared systems. In our opinion this is an essential addon for any cPanel server, mainly due to the PHP selector, which allows each user to use their own PHP version. Also of great use to us is the ability to separate users into their own LVE (Lightweight Virtual Environment), which effectively stops users from spying on one another's files.
LiteSpeed is a fantastic server for serving high-load websites. While that feature sounds great in theory, it’s mostly reserved for higher-load websites, so if you’re just starting out it may not make much sense to spend the extra money on this.
Imunify is essentially a HIPS and antivirus system for your cPanel (and other control panels) server. It is great for detecting malware that users have uploaded to your server in real time, which is great for a shared hosting environment where users and webmasters cannot be trusted fully. This may have more limited use on internal and/or highly controlled systems, but it may be worth the peace of mind for some people.