This article covers techniques to prevent attacks on the server. Basically, if we manage our servers without proper precautionary actions it is easy to spoil the reputation of the server.
Hardening your server is the process of increasing security on your server through a variety of means to result in a much more secure operating environment. Server hardening is one of the most important tasks to be handled on your servers.
The default configuration of most operating systems is not designed with security as the primary focus.
Default server setups focus more on usability, functionality and communication.
Server Hardening Security Measures Includes:
1. Hide login password from cgi scripts.
This setting allows you to hide the REMOTE_PASSWORD variable from scripts that the cpsrvd daemon's CGI handler executes.
2. Referrer safety check.
Only permit cPanel, Webmail and WHM to execute functions when the browser-provided referrer (port and domain or IP address) exactly matches the destination URL.
3. Initial default/catch-all forwarder destination
Select Fail to automatically discard un-routable email that your servers new accounts receive. This will help protect your server from mail attacks.
4. Verify signatures of third-party cPaddons.
Enable this option to verify GPG signatures of all third-party CPaddons.
5. Prevent "nobody" from sending mail.
Enable to block email that the nobody user sent to the remote address. Nobody is the username for Apache.
6. Enable SPF on domains for newly created accounts.
7. Proxy subdomain override.
Disable this option to prevent automatically-generated proxy domains when a user creates a subdomain.
8. Proxy subdomain creation.
Disable this option to prevent the addition of cPanel, Webmail, Web Disk and WHM proxy subdomain DNS entries to new accounts.
9. Cookie IP validation.
Disable this option to allow logins regardless of the user's IP address.