
Tag: security

cPanel SSL / TLS

Overview

SSL (Secure Sockets Layer) or TLS (Transport Layer Security) is a mechanism for encrypting data in transit between your computer and the host or server, in both directions.

Generate a CSR

A CSR (Certificate Signing Request) is an encoded request that a Certificate Authority (CA) asks for when you purchase an SSL certificate from it. To issue the certificate, the CA needs some additional information, which you provide in the CSR.

To generate a CSR, follow the steps below.

Step 1 − Click SSL/TLS link found under Security section of the cPanel.

Step 2 − Under Certificate Signing Request (CSR) click Generate, view, or delete SSL certificate signing requests.

Step 3 − In SSL Certificate Signing Request Interface, scroll down to see Generate a New Certificate Signing Request (CSR).

Step 4 − Choose an existing Private Key from Key dropdown. You can also choose to generate a new Private Key.

Step 5 − Enter the Domains for which you want to generate the CSR. You can choose a wildcard domain by putting * as the subdomain, e.g. *.example.com.

Step 6 − Provide all necessary information in text fields like City, State, Country, Company etc.

Step 7 − Click Generate Button to generate a CSR.
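
What Steps 4 to 7 produce, and the checks worth running before the CSR goes to the CA, as an added example that is not part of the original page or of cPanel. It assumes the third-party Python `cryptography` package is installed; the function names and the subject values are constructed for illustration.

```python
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.x509.oid import NameOID


def make_key_and_csr(domains, city, state, country, company):
    """Steps 4-7 in code: new private key, then a CSR for the given domains."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    subject = x509.Name([
        x509.NameAttribute(NameOID.COUNTRY_NAME, country),  # two-letter code
        x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, state),
        x509.NameAttribute(NameOID.LOCALITY_NAME, city),
        x509.NameAttribute(NameOID.ORGANIZATION_NAME, company),
        x509.NameAttribute(NameOID.COMMON_NAME, domains[0]),
    ])
    san = x509.SubjectAlternativeName([x509.DNSName(d) for d in domains])
    csr = (x509.CertificateSigningRequestBuilder()
           .subject_name(subject)
           .add_extension(san, critical=False)
           .sign(key, hashes.SHA256()))
    # Only the CSR goes to the CA; the private key stays on the server.
    return key, csr.public_bytes(serialization.Encoding.PEM)


def inspect_csr(csr_pem, key):
    """Checks to run before the CSR is submitted."""
    csr = x509.load_pem_x509_csr(csr_pem)
    san = csr.extensions.get_extension_for_class(x509.SubjectAlternativeName)
    return {
        "signature_valid": csr.is_signature_valid,
        "matches_key": csr.public_key().public_numbers()
        == key.public_key().public_numbers(),
        "domains": san.value.get_values_for_type(x509.DNSName),
    }


def covers(dns_names, host):
    """True if host matches an entry; a leading '*' stands for exactly one label."""
    host_labels = host.lower().split(".")
    for name in dns_names:
        labels = name.lower().split(".")
        if labels[1:] == host_labels[1:] and labels[0] in ("*", host_labels[0]):
            return True
    return False


if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    key, pem = make_key_and_csr(["*.example.com"], "Sample City",
                                "Sample State", "US", "Example Co")
    report = inspect_csr(pem, key)
    print(report)
    # A wildcard alone does not cover the bare domain.
    print(covers(report["domains"], "example.com"))
```

A CSR that lists only *.example.com does not cover example.com itself, so enter both in Step 5 if the site answers on both names.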

Installing SSL

To activate an SSL/TLS certificate on your domain or subdomains, follow these steps −

If you have obtained an SSL/TLS certificate from a Trusted Certificate Provider, you will need to upload it to your server to use it on your website.

To upload an SSL/TLS certificate, follow the steps below.

Step 1 − Click SSL/TLS link found under Security section of cPanel.

Step 2 − In the left-side pane, click Install and Manage SSL for your site (HTTPS).

Step 3 − In this interface, you can choose to install SSL in your website. Scroll down to install an SSL Website.

Step 4 − Choose a certificate from the installed certificates by clicking on Browse Certificates. Or, you can also select a Domain from the dropdown box. Then paste the certificate you obtain from your SSL Provider in the Certificate: (CRT) field.

Step 5 − All fields of Certificates, Private Key and Certificate Authority bundle will be filled automatically.

Step 6 − Click Install Certificate button to activate the certificate for the Domain or Subdomain.

cPanel Two Factor Authentication

Overview

Two-factor authentication (2FA) is a security measure that requires two forms of identification. After you enter your password, you must enter a security code. An application on your smartphone supplies this code. Without your smartphone, you cannot log in.

Note:
2FA requires a smartphone with a supported time-based one-time password (TOTP) app. We suggest the following apps:

Important:

2FA supports only one concurrent session for any user. If you open several browser windows to cPanel and log out in one of them, the server will log out the other windows.

To configure 2FA, perform the following steps:

  1. The Two-Factor Authentication menu can be found in the cPanel >> Security >> Two-Factor Authentication:
  2. Go to the Two-Factor Authentication menu and click on the Set Up Two-Factor Authentication button:
  3. Connect your cPanel to your Authenticator app. There are 2 ways to connect the app:
    • Automatically create the link by scanning the displayed QR code with your app
    • Manually create the link by entering the provided Account and Key information in your app
  4. After the app is installed and connected to the cPanel, continue by entering the six-digit security code into the cPanel >> Security >> Two-Factor Authentication >> Step 2 >> Security code:
  5. You should receive the following success message:
  6. During the next cPanel login, after you enter your username and password, you will be redirected to the next page to enter the security code:
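
How the app and the server arrive at the same six-digit code from the shared Key, as an added example that is not part of the original page or cPanel's own code. It follows RFC 6238 and assumes the common authenticator defaults (HMAC-SHA-1, 30-second step) and a one-step allowance for clock drift; the sample Key is the RFC 6238 test secret, not a real account key.

```python
import base64
import hashlib
import hmac
import struct

STEP_SECONDS = 30   # assumption: RFC 6238 default time step
DIGITS = 6          # the six-digit security code the page describes


def totp(key_b32: str, unix_time: float) -> str:
    """Return the code an authenticator app shows at unix_time."""
    # The Key is Base32; apps accept it with spaces and in lower case.
    cleaned = key_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    secret = base64.b32decode(cleaned)
    counter = int(unix_time) // STEP_SECONDS
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    # Dynamic truncation (RFC 4226): low nibble of the last byte picks 4 bytes.
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(key_b32: str, submitted: str, unix_time: float,
           drift_steps: int = 1) -> bool:
    """Server-side check that tolerates drift_steps of clock skew either way."""
    ok = False
    for step in range(-drift_steps, drift_steps + 1):
        expected = totp(key_b32, unix_time + step * STEP_SECONDS)
        # Constant-time comparison; every candidate is checked, no early exit.
        ok |= hmac.compare_digest(expected.encode(), submitted.encode())
    return ok


# Constructed sample Key: the RFC 6238 test secret "12345678901234567890".
SAMPLE_KEY = "GEZD GNBV GY3T QOJQ GEZD GNBV GY3T QOJQ"

if __name__ == "__main__":
    import time
    now = time.time()
    code = totp(SAMPLE_KEY, now)
    print(code, verify(SAMPLE_KEY, code, now))
```

Because the code depends only on the Key and the clock, a phone whose time is off by more than the allowed drift produces codes the server rejects, and anyone who obtains the Key or a copy of the QR code can generate valid codes.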

cPanel Virus Scanner

Overview

Many cPanel web hosting plans come with the ClamAV virus scanner feature to guard against potential threats on your server. You can run an on-demand scan of your files to see whether they are infected with a virus. ClamAV is a powerful open source antivirus; it uses its extensive database to detect several types of potential threats such as viruses, Trojan horses, malware and malicious scripts.

You can scan different sectors of your home directory using the antivirus. To scan your account with a virus scanner, use the following steps.

Step 1 − Open cPanel Virus Scanner by clicking the Virus Scanner link in the Advanced section of the cPanel home.

Step 2 − You can choose the scan type from here.

  • Scan Entire Home Directory − This option will scan your entire cPanel account. If you choose this option, there is no need to run the scan with the other options. This will scan your home directory, which contains the Emails, FTP accounts and Website.
  • Scan Mail − This option will scan your emails for viruses. If somebody sends a malicious email having some virus or malware, this virus scanner will tell you that.
  • Scan Public FTP Space − This option will scan your public_ftp folder. If somebody uploaded a malicious file through FTP, virus scanner will find it.
  • Scan Public Web Space − This option will scan your public_html in which all your front end files reside.

Step 3 − Click Scan Now button to start the scan and it will automatically show you the results.

If the Virus Scanner finds any malicious software, then it will give you options to correct the error. You may choose the option accordingly.

Note: The Virus Scanner takes time, especially when your cPanel account has a lot of files and directories. It is recommended to perform virus scanning during off-peak hours.

cPanel ModSecurity

Overview
ModSecurity is an open-source web application firewall (WAF) supported by different web servers like Apache, Nginx and IIS.

Usage
The module is configured to protect web applications from various attacks. ModSecurity supports a flexible rule engine to perform both simple and complex operations. It comes with the OWASP (Open Web Application Security Project) ModSecurity™ CRS (Core Rule Set). The OWASP ModSecurity™ CRS is a set of rules that Apache’s ModSecurity™ module can use to help protect your server. While these rules do not make your server impervious to attacks, they greatly increase the amount of protection for your web applications.

It comes with a Core Rule Set (CRS) which has various rules for:

  • cross-site scripting
  • bad user agents
  • SQL injection
  • trojans
  • session hijacking
  • other exploits

Why should I use the OWASP ModSecurity rule set?

  • Protection from insecure web application design − ModSecurity rule sets can provide a layer of protection for web applications such as WordPress, phpBB, or other types of web applications. It can potentially protect against vulnerabilities in unpatched, out-of-date web applications. If the developer of an application makes a security mistake, ModSecurity may block an attack before it can reach the vulnerable application.
  • Protection against operating system level attack − ModSecurity rule sets can protect against attacks that exploit the operating system of your server. For example, in 2014, there was a security flaw in the Bash shell program that Linux servers use. Security experts created ModSecurity rules to disallow the use of the exploit through Apache. Server administrators used these ModSecurity rules and added additional security to their system until the release of a security patch for Bash shell.
  • Protection against generalized malicious traffic − Some of the security threats that server administrators face may not directly attack a program or application on your server. DoS (Denial of Service) attacks, for example, are common attacks. You can reduce the impact of such malicious traffic through the use of ModSecurity rules.

What are the risks?
As with any mechanism that blocks web traffic, OWASP rules could block legitimate traffic (false positives). While both OWASP and cPanel, L.L.C. aim to curate the OWASP rule set to reduce the potential for false positives, the rule set may block legitimate traffic.

What is Imunify360?

Overview

Imunify360 is a complete six-layer security solution that is installed on iManila shared servers. It protects our websites from different digital attacks. Imunify360 is an automated security solution, powered by AI and Proactive Defense, that will protect your web servers from infections, maintain secure kernels, and keep you in the know with relevant information.

  • Advanced Firewall
    Imunify360 offers advanced firewall protection that uses cloud heuristics and artificial intelligence to detect new threats and protect the servers that run the software. The firewall is capable of defending against brute force attacks, DoS attacks, and port scans. The firewall tightly integrates with mod_security web application firewalls to dramatically enhance its usefulness. In combination with WAF, we can stop the majority of web application attacks even before they start. An advanced Captcha system is employed to reduce false positives and make sure that valid customers can reach your website.
  • Intrusion Detection and Protection System (IDS)
    Imunify360 features an excellent Intrusion Prevention System (IPS) with a comprehensive collection of “deny” policy rules to quickly block all known attacks, especially those using a common or well-known exploit tool. The Intrusion Detection System (IDS) provides excellent visibility of server security by monitoring server logs. It scans log files from all different angles and bans IPs that show malicious signs, such as password failures, potential exploits, etc. It helps protect your server from attacks and reports to the Imunify360 dashboard.
  • Malware Detection
    Over 68% of hosting providers say that malware infection is a top issue for their customers’ web servers.
    Imunify360 automatically scans file systems for malware injection and quarantines infected files.
  • Proactive Defense
    Imunify360’s Proactive Defense (previously known as Sandboxing) protects websites against zero-day attacks – it stops even the malware that no scanner is able to detect. It identifies attacks on your Linux web servers in real time, then blocks potentially malicious executions automatically and with zero latency.
    Proactive Defense uses a unique method of identifying security risks – it analyzes what scripts do rather than what is actually in the code.


  • Patch Management
    • Rebootless Secure Kernel − Rebootless Secure Kernel powered by KernelCare is a component that keeps your server secure by automatically patching kernels without having to reboot the server. Its agent checks for new patches every four hours and automatically applies them to the running server without any performance impact. KernelCare keeps your kernel updated to help you avoid disastrous incidents.
    • Hardened PHP − Hardened PHP is a component that ensures your web server security by patching all PHP versions against known vulnerabilities, allowing you to run any version of PHP without having to update programs to accommodate newer versions.

What is CageFS?

Overview

CageFS is one of the core features of CloudLinux. It is a virtualized, per-user file system that uniquely encapsulates each cPanel user, preventing users from seeing each other and viewing sensitive information. CageFS prevents a large number of attacks, including most privilege escalation and information disclosure attacks. It is designed to add security to cPanel-based shared hosting environments.

With CageFS

  • Users only have access to safe files.
  • Users cannot see other users and have no way to detect the presence of other users or user names on the server.
  • Users cannot see server configuration files, like Apache config files.
  • Users have a limited view of the process file system, and cannot see other users’ processes.

What is CloudLinux?

Overview

CloudLinux was released to the market in 2010. Today, it is a must-have for any web host who cares about stability, security, and churn. It is used by more than 2,000 hosting companies on 20,000+ servers. CloudLinux is interchangeable with CentOS so any SysAdmin will feel right at home. Yet, it was specifically optimized for shared hosting. Web hosts that use CloudLinux report higher uptime, significant improvements in density (as much as 5x), a 4x decrease in the number of reboots, and a 10x decrease in the number of account suspensions they have to perform. It has also produced a significant decrease in churn for a number of customers.

The software is specifically made for web hosts running the cPanel control panel with multiple accounts. If you are a shared host, or a design company that has to host sites on behalf of the client – CloudLinux is your friend.

CloudLinux + cPanel =

  • Improved stability by limiting the resources any single user can consume
    In shared hosting, the most common reason for downtime is a single account slowing down other accounts on the server. Using cPanel & WHM software with CloudLinux utilizes innovative Lightweight Virtual Environment (LVE) technology, improving the density and stability of your shared hosting environment for all tenants.
  • Advanced server security
    With unique CageFS technology, CloudLinux encapsulates each customer, preventing users from seeing each other and viewing sensitive information. It also prevents a large number of attacks, including most privilege escalation and information disclosure attacks.
  • Increased server efficiency
    By monitoring and containing resource spikes, CloudLinux eliminates the need to leave server resources idle, providing you with the ability to host twice as many accounts on your cPanel & WHM server.
  • Multiple PHP versions
    Using CloudLinux together with cPanel & WHM software gives your customers the flexibility to choose the PHP version that they need.
  • Hardened kernel
    The shared hosting environment is unlike any other and the CloudLinux kernel takes that into account. It can protect against symlink attacks and trace exploits, while restricting the visibility of ProcFS to only what is necessary — making your cPanel & WHM servers more secure.

reference: https://blog.cpanel.com/what-is-cloudlinux/

Why can’t I access my website, cPanel and Webmail?

Overview

Sometimes you find the website hosted with iManila inaccessible and more than that, you are not able to access cPanel and webmail. The links http://yourdomain.com/cpanel and http://mail.yourdomain.com/webmail are displaying an error message Server connection timed out. What is happening? Most likely, your public IP address was blocked by the Server Firewall.

A firewall is a network security device designed to protect networks from unauthorized access, while permitting legitimate communications to pass. For obvious security reasons, a firewall has to be installed on any server. This is standard practice not just for hosting providers but for anyone who puts up a service accessible in the cloud.

Automatic firewall blocks are created for a certain external IP address from which unauthorized access attempts were noticed by the Firewall monitoring program. In case of 5 failed login attempts from your IP address, it gets temporarily blocked for 20 minutes. If more failed login attempts are detected during this period, the IP gets blocked permanently. If the server detects 15 failed login attempts from different IP addresses, this account will be temporarily locked for 10 minutes.

So, if you find yourself not being able to connect to the website, cPanel and webmail from a certain computer, most likely, you have triggered the Firewall rules. Please contact our Support and we will assist you on unblocking your IP address.

How to identify your IP address? A simple Google search of “what is my ip” will give a result of your current public IP address.  You can also check your IP address from here.

What can be the reason of the IP being blocked and how to avoid it?

  • Exceeding the number of failed cPanel login attempts
    If you are not able to log into cPanel on the first try, please do not keep retrying as many times as possible. Once you have used the incorrect login details 5 times, the IP gets blocked. To avoid that, please check your login details in the Welcome Email Guide that was sent to the email account associated with the hosting package. Otherwise, feel free to send a request for the cPanel password reset via our support email.
  • Failed POP3/IMAP/SMTP or Webmail login
    Apart from cPanel login protection, Firewall also prevents unauthorized access to mail service.
    • Block due to webmail failed login attempts – If you were having issues with logging into webmail and, as a result, both cPanel and webmail are no longer available, most likely you have triggered a similar IP block for email access.
    • Block due to failed POP3/IMAP login attempts – If you start receiving errors/pop-up windows related to IMAP/POP3 failed authentication in your email client, then it is possible that login credentials for the email account are outdated/incorrect. Unfortunately, in this case the email client will not stop trying to access the mail server which may in time result in a permanent IP block as well.
    • Block due to failed SMTP login attempts – This kind of block occurs when SMTP authentication data is not valid so you can’t send mail from the email client (you can still have correct settings for the incoming mail server and receive new emails without issues). Usual symptoms for such issue are the emails that do not leave the “Outbox” folder or errors/pop-up messages that notify about failed SMTP authentication. Make sure that SMTP login is your full email address, and the password is the same as for the incoming mail server. If you still can’t log in with the old password, consider resetting it once your IP address is unlocked. You can do it in your cPanel account on the Email accounts page:
  • Incorrect email client settings
    The email client settings may also cause an IP block, so if you are struggling with an email client setup, it is better to delete the non-functioning email account from the email client and start from scratch later. You can find the correct settings here.
    NOTE: Frequent POP3 queries to the server can cause high general server load. In order to avoid this, we have implemented the limit of 10 POP3 connections per hour from a single IP address for all shared users. Therefore, it is not recommended to set POP3 mail check interval to less than 5 minutes in order to avoid IP blocking.
  • PortScan activity
    Port scan is an attack that sends requests of a client to a range of server port addresses on a host with the goal of finding an active port and exploiting a known vulnerability of that service. To avoid that, please make sure your clients are configured in a way not to permanently attempt to scan ports of a server. Reduce timeout intervals on all FTP and mail clients in your network. If there are many users in your network, and all of them are accessing the Internet from an external IP address, make sure they do not reconnect using FTP or mail clients frequently. Connection requests coming from one IP can trigger the firewall to block the IP.
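
The per-IP block thresholds described earlier (5 failed logins, a 20-minute temporary block, a permanent block on further failures) replayed over two constructed cases: a mail client retrying an outdated password every 5 minutes, and a person who mistypes five times and then stops. This is an added example, not the firewall's own code; the one-hour counting window is an assumption because the page does not state one, and the IP addresses are documentation placeholders.

```python
from dataclasses import dataclass, field

FAILS_BEFORE_BLOCK = 5           # page: 5 failed logins from one IP
TEMP_BLOCK_SECONDS = 20 * 60     # page: temporary block lasts 20 minutes
COUNT_WINDOW_SECONDS = 60 * 60   # assumption: the page states no counting window


@dataclass
class IpState:
    failures: list = field(default_factory=list)  # recent failure timestamps
    blocked_until: float = 0.0
    permanent: bool = False


def status_at(events, now):
    """events: (unix_time, ip) failed logins. Returns {ip: status} at time now."""
    states = {}
    for ts, ip in sorted(events):
        if ts > now:
            break
        st = states.setdefault(ip, IpState())
        if st.permanent:
            continue
        if ts < st.blocked_until:
            # A further failure while temporarily blocked escalates the block.
            st.permanent = True
            continue
        st.failures = [t for t in st.failures if ts - t < COUNT_WINDOW_SECONDS]
        st.failures.append(ts)
        if len(st.failures) >= FAILS_BEFORE_BLOCK:
            st.blocked_until = ts + TEMP_BLOCK_SECONDS
            st.failures.clear()
    result = {}
    for ip, st in states.items():
        if st.permanent:
            result[ip] = "permanent"
        elif now < st.blocked_until:
            result[ip] = "temporary"
        else:
            result[ip] = "ok"
    return result


# Constructed events: a mail client retrying every 5 minutes with a stale
# password, and a person who fails five times within a minute, then stops.
MAIL_CLIENT = [(i * 300, "203.0.113.10") for i in range(8)]
PERSON = [(i * 10, "198.51.100.7") for i in range(5)]

if __name__ == "__main__":
    for now in (600, 1300, 2100):
        print(now, status_at(MAIL_CLIENT + PERSON, now))
```

The person's block expires on its own, while the unattended mail client keeps failing during its temporary block and ends up permanently blocked, which is why a stale password in an email client should be fixed or the account removed from the client before retrying.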