1) Upgrade Apache/PHP, MySQL, OpenSSH, OpenSSL cP/WHM etc


Update your Apache/PHP, MySQL, OpenSSH, OpenSSL, cP/WHM... and be sure that you running the latest secured version.

2) cP/WHM Configuration


WHM - Server setup - Tweak Security:


Enable php open_basedir protection

Enable mod_userdir protection

Disable Compilers for all accounts(except root)

Enable Shell Bomb/memory Protection

WHM - Account Functions:


Disable cPanel Demo Mode

Disable shell access for all accounts(except root)

WHM - Service Configuration - FTP Configuration:


Disable anonymous FTP access



Set some MySQL password(Don't set the same password like for the root access)

-If you don't set MySQL password and if someone upload shell(E.G c99) on some site on server he will be able to login into db with username "root" without password

and delete/edit/download any db on that server

WHM - Server Setup:


Go to Server Setup and enable suEXEC and PHPsuEXEC

When PHP runs as an Apache Module it executes as the user/group of the webserver which is usually "nobody" or "apache".

PHPsuEXEC changes this so scripts are run as a CGI. Than means scripts are executed as the user that created them.

With PHPsuEXEC script permissions can't be set to 777(read/write/execute at user/group/world level)

3) SSH Access


Change SSH port(set something like 1334)

You can change it in /etc/ssh/sshd_conf

There is a lot of script kiddiez with brute forcers and they will try to crack our ssh pass because they know username is root, port is 22

But we are smarter, we changed SSH port :)

Also, their "brute forcing" can reduce server load, that means our sites(hosted on that server) will be slower

SSH Legal Message

edit /etc/motd, write in motd something like that:

"ALERT! That is a secured area. Your IP is logged. Administrator has been notified"

When someone login into SSH he will see that message:

ALERT! That is a secured area. Your IP is logged. Administrator has been notified

And at the end restart SSH, type "service sshd restart" into SSH

4) Mod_Security


Mod_Security is a web application firewall and he can help us to secure our sites against RFI, LFI, XSS, SQL Injection etc

If you use cP/WHM you can easly enable Mod_security in WHM - Plugins - Enable Mod_Security and save

Now I will explain how to install Mod_security from source.

You can't install Mod_Security if you don't have libxml2 and http-devel libraries.

Also, you need to enable mod_unique_id in apache modules, but don't worry, I will explain how to do it :)

Login into SSH and type...


yum install libxml2 libxml2-devel httpd-devel


libxml2 libxml2-devel httpd-devel should be installed now

then you need to edit httpd.conf file, you can find it here:


You need to add this in your httpd.conf file

LoadModule unique_id_module modules/

Now download the latest version of mod_security for apache2 from

login into SSH and type...


cd /root/downloads


tar zxf modsecurity-apache_2.1.7.tar.gz

cd modsecurity-apache_2.1.7

cd apache2


Now we need to edit Makefile, file is located here:


change "top_dir =" with "top_dir = /usr/lib/httpd"

then type:



make install



# /etc/httpd/conf/httpd.conf

LoadModule unique_id_module modules/

LoadFile /usr/lib/

LoadModule security2_module modules/

Include /etc/httpd/conf/modsecurity.conf


go at the end of httpd.conf and place an include for our config/rules file...

Include /etc/httpd/conf/modsecurity.conf

Content of /etc/httpd/conf/modsecurity.conf


# Only inspect dynamic requests


SecFilterEngine DynamicOnly

# Reject requests with status 403

SecFilterDefaultAction "deny,log,status:403"

# Some sane defaults

SecFilterScanPOST On

SecFilterCheckURLEncoding On

SecFilterCheckCookieFormat On

SecFilterCheckUnicodeEncoding Off

# Accept almost all byte values

SecFilterForceByteRange 1 255

# Server masking is optional

# SecServerSignature "Microsoft-IIS/5.0"

SecUploadDir /tmp

SecUploadKeepFiles Off

# Only record the interesting stuff

SecAuditEngine RelevantOnly

SecAuditLog logs/audit_log

# You normally won't need debug logging

SecFilterDebugLevel 0

SecFilterDebugLog logs/modsec_debug_log

# Only accept request encodings we know how to handle

# we exclude GET requests from this because some (automated)

# clients supply "text/html" as Content-Type

SecFilterSelective REQUEST_METHOD "!^GET$" chain

SecFilterSelective HTTP_Content-Type "!(^$|^application/x-www-form-urlencoded$|^multipart/form-data)"

# Require Content-Length to be provided with

# every POST request

SecFilterSelective REQUEST_METHOD "^POST$" chain

SecFilterSelective HTTP_Content-Length "^$"

# Don't accept transfer encodings we know we don't handle

# (and you don't need it anyway)

SecFilterSelective HTTP_Transfer-Encoding "!^$"

# WEB-ATTACKS /bin/sh command attempt

SecFilter "/bin/sh"

# WEB-ATTACKS ps command attempt

SecFilterSelective THE_REQUEST "/bin/ps"

# WEB-ATTACKS /bin/ps command attempt

网站免责声明 本网站所提供的信息,只供参考之用。 本网站及其雇员一概毋须以任何方式就任何信息传递或传送的失误、不准确或错误对用户或任何其他人士负任何直接或间接的责任。 本网站在此声明,不承担用户或任何人士就使用或未能使用本网站所提供的信息或任何链接或项目所引致的任何直接、间接、附带、从属、特殊、惩罚性或惩戒性的损害赔偿(包括但不限于收益、预期利润的损失或失去的业务、未实现预期的节省)。 本网站所提供的信息,若在任何司法管辖地区供任何人士使用或分发给任何人士时会违反该司法管辖地区的法律或条例的规定或会导致本网站或其第三方代理人受限于该司法管辖地区内的任何监管规定时,则该等信息不宜在该司法管辖地区供该等任何人士使用或分发给该等任何人士。用户须自行保证不会受限于任何限制或禁止用户使用或分发本网站所提供信息的当地的规定。 本网站图片,文字之类版权申明,因为网站可以由注册用户自行上传图片或文字,本网站无法鉴别所上传图片或文字的知识版权,如果侵犯,请及时通知我们,本网站将在第一时间及时删除。 凡以任何方式登陆本网站或直接、间接使用本网站资料者,视为自愿接受本网站声明的约束。联系QQ515827934