Quick question. Do you feel confident about your current cybersecurity strategy? According to a study by IBM and the Ponemon Institute, the average cost of a data breach is $3.86 million. Falling victim to a data breach could be devastating for your share hosting company. Don’t think 2-Factor Authentication (2FA) is enough to keep your cPanel server protected. For example in November 2020, hackers exploited a vulnerability in cPanel and WebHost Manager and bypassed 2FA using brute force.
Without a good cybersecurity strategy, safeguards like 2FA are nothing more than speedbumps that slow cyberattackers down. But the attacks can still happen––, and when they do, the consequences can be devastating for a web hosting company. Not only will you deal with expensive regulatory fines and penalties, but you must also earn back the trust of your customers. And that’s not easy.
Now for the good news. Keeping your cPanel server protected from data breaches and other malicious activity isn’t as hard as you think. You have to make cybersecurity a top priority.
Here are five ways you can do that!
1. Use Strong Passwords
Weak passwords are easy to hack. We all know this, but not everyone follows good password practices. If your password gets cracked, the rest of your cybersecurity is pretty much compromised.
cPanel has a Password Generator feature that automatically creates a secure password for you. We recommend using it if you haven’t already and generating a new password every month.
You can configure your server’s password options by editing the “/etc/login.defs” file. That way, every password has to follow your security protocol. So, you avoid using generic default passwords like “admin” or “password.”
And don’t forget to enable SSL for cPanel to prevent malicious parties from snooping and finding sensitive information. You can do this by going to the “Tweak Settings” menu under “Server Configuration.”
2. Strengthen Your SSH Security
Secure Shell (SSH) is a network protocol that lets you access your cPanel server remotely. You can use this feature to manage your server from anywhere.
Here’s the thing––if you can access your server remotely, so can a determined hacker. But you can minimize their chances of success by strengthening your SSH security. Here’s how:
Change ports: The default SSH port is 22, and that’s the first port that attackers will try. cPanel recommends changing to any port between 1-1023 that another service isn’t already using.
Limit SSH access: You may need to give others SSH access from time to time. Only grant them the privileges they need to do their job. You can do this by creating jailed shell environments.
Conduct privilege audits: Do an audit every couple of months to see who has SSH access. Revoke privileges of anyone who no longer needs that access.
Also, make sure you’re using SSHv2. That’s the most current version of SSH, and it offers more security than SSHv1. You can do this by editing the “/etc/ssh/sshd_config” file and changing “#Protocol 2,1” to “#Protocol 2.”
3. Keep cPanel Updated
Remember that 2FA vulnerability we mentioned at the beginning of this post? The attackers managed to bypass 2FA by exploiting a flaw in cPanel & WHM version 18.104.22.168. While cPanel was quick to release a patch that addressed this problem, users that didn’t update remained vulnerable to outside threats.
Keeping cPanel up to date will help you stay protected against flaws that could compromise your cybersecurity.
You can update cPanel through:
WHM by visiting WHM > cPanel > Upgrade to Latest Version
The command line by running the “/usr/local/cpanel/scripts/upcp” script while logged in as the root user
One more thing. cPanel strongly recommends users keep Apache up to date to minimize the risk of cyberattacks. You can do this in WHM by navigating to WHM > Home > Software > EasyApache 4 and clicking “Run System Update.”
Using stronger passwords is your first line of defense against brute force attacks. They make it significantly harder for hackers to guess your credentials. But strong passwords aren’t enough to protect you from determined hackers looking to access your server.
That’s where cPHulk can help.
cPHulk is a brute force protection tool designed to prevent hackers from guessing your security credentials. It works by blocking IP addresses that repeatedly enter incorrect usernames and passwords.
You can enable cPHulk through WHM > Security Center > cPHulk Brute Force Protection. There, you can set the number of failed login attempts. This will prompt cPHulk to block an IP address from your server when exceeding the number you set.
Just make sure to add your IP address to Whitelist Management if you have a static IP. That lets cPHulk know not to ban your IP if you have too many failed logins. The last thing you want is to be locked out of your own server because you entered the wrong password.
5. Deploy a Comprehensive Server Protection Solution
There are several practices you can implement to strengthen your server security. Using stronger passwords and updating your IT infrastructure will go a long way towards protecting you from cyberattacks.
But there will always be security vulnerabilities that pop up, and hackers will always look for ways to exploit them. The best way to minimize the risk of cyberattacks is to deploy an effective server protection suite in conjunction with the security practices above. This will give your server an added layer of protection by protecting you from hackers looking to circumvent your other security measures.
Get the Protection You Deserve with BitNinja
If you’re looking for a comprehensive solution offering round-the-clock protection for your cPanel server, BitNinja can help.
Our Honeypot feature actively traps potential hackers by setting up decoys and blocking malicious IP addresses from your site. And our Log Analysis tools actively monitor traffic, flagging malicious activity so you can catch potential threats before they strike.
Cybersecurity is not optional anymore. It is a must! If you haven't tried BitNinja yet, don't forget to register for the 7-day free trial!No credit card needed!
Strictly Necessary Cookies
Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.
If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.