Server Software and Configuration Services
cPanel Server Services
This comprehensive server service is offered for servers running cPanel. We will perform the installation, configuration and testing of each component of the service. We do not use scripts to perform this work (as some providers do) but perform each task by hand to ensure it is correctly installed and configured to your server’s requirements.
The aim of this work is to:
We aim to begin the work on your server within 24 to 72 hours from the opening of a ticket on our helpdesk with the answers to our installation questions (and correct access details) which we will send to you once your order has been processed.
cPanel Service Package Only
cPanel Service Package plus MailScanner
Included in the cPanel Server Service:
lfd is integrated with csf to block hacking attempts from your internet facing services and detects system intrusions/rootkits.
Log Scanner is part of lfd and is configured to send you email summaries once per hour using regular expression matches on the major server log files.
Check that the correct kernel is installed and upgrade to the OS vendor's latest version if necessary and implement tweaks to help protect against current threats (e.g. disabling core file creation). See note 5 below.
Check to ensure that the server’s OS is updated and, if not, an update is run.
If cPanel has just been installed but not configured we can do this for you.
Check that apache is correctly configured and tuned for your server's requirements and that it is the latest version, and upgrade if necessary. See note 3 below.
Check that mysql is correctly configured and tuned for your server’s requirements. See note 3 below.
Check temporary file permissions, ownership and contents. Remount noexec and nosuid where possible.
Pure-ftpd is considered more secure and lighter on server resources compared to proftpd on cPanel servers.
On a standard OS installation many user accounts are created that are not necessary and can therefore pose a security risk.
Default OS configurations often run services that are not used by a cPanel web server and can be a security risk if left running.
On a standard OS installation many application binaries have SUID and GUID bits set that are not necessary and can therefore pose a security risk.
Ensure disks are correctly mounted and clean up any old files to free space where possible.
If applicable, the free CloudLinux Symlink Kernel Patch will be applied.
Protection against abuse and poisoning of your local DNS cache if DNS server (bind) is running on the server.
Not all server logs files are correctly rotated on a default cPanel server, so we add rotation options to logrotate to ensure that they are correctly rotated to help disk performance and application stability.
The MailScanner Front-End plugin is included with the cPanel Service Package + MailScanner package
We will run a manual cxs scan of user data to help identify any exploits within accounts and provide a summary report of the results. Also checks in commonly abused disk directories such as /tmp and /dev/shm for any active exploits as well as a scan of all running processes. If exploits are found on the server, the compromised account can be suspended and we will notify you of the location of the exploits. This scan does not include identifying specific exploits, restoring/cleaning any compromised scripts, or quarantining exploits for you.
cmm is a WHM plugin that allows you to edit, view and manage client email accounts and quotas from within WHM without having to log into their cPanel account.
The cmq plugin allows you to check within WHM and clear the servers exim queue(s) and deal with individual emails awaiting delivery.
The cmc WHM plugin allows you to control the disabling of mod_security rules by their ID on a global, per user and per domain level.
cse is a WHM plugin that allows you to browse your disk structure and directories and perform shell tasks from within WHM which can be very helpful if SSH fails for any reason.
Logwatch is a daily report that summarises the information contains in the major server log files.
Dynamic Library loading is disabled, commonly abused php functions disabled, user defined php.ini files disabled if suPHP is already enabled - to help prevent hackers exploiting vulnerable PHP web scripts.
Rootkit Hunter is an essential tool in detecting possible root compromise and rootkit installation.
Chkrootkit is another essential tool in detecting possible root compromise and rootkit installation. It complements rkhunter with a different detection approach.
Help protect against clients and hackers browsing and accessing files outside of their account directories.
Check whether the server is running the latest supported version of cPanel and if not, upgrade it.
WHM configuration options are checked for security and performance configuration and changed where deemed appropriate.
Having boxtrapper enabled can very easily lead to your server being listed in common RBLs and usually has the effect of increasing the overall spam load, not reducing it.
- We no longer provide support for Virtuozzo or OpenVZ servers for csf or cxs. While the products may work on these types of containers, there may be issues that we cannot support.
- Some servers with monolithic kernels (i.e. does not use Loadable Kernel Modules – LKMs) need to have specific iptables modules loaded and it may not be possible to configure an iptables firewall. This usually only applies to those with custom kernels or VPS hosts that have not compiled their Virtuozzo kernels with iptables support.
- We will upgrade Apache, PHP or MySQL to the latest minor version of the major version you have chosen (e.g. Apache v2.2 to v2.4). If you want us to upgrade to a the latest major version of an application, you must expressly say so. Tuning is a basic configuration appropriate for the server configuration.
- While we will try and help with issues arising from the use of ModSecurity, we cannot provide direct support for the rules which should be sought from the provider’s support site.
- We do not offer a service to investigate or fix issues with OS vendor kernel upgrades, so you must ensure that you have suitable backups.