5 Essential cPanel Settings for Beginners

By . Filed in Web 2.0

cPanel is the leader and industry standard of standalone hosting platform nowadays. The main product WHM/cPanel has been used by most web-hosting providers due to its flexibility, and because it’s easy to manage,customizable and backed by great quality support.

cPanel

Most of us who are involved in the web-hosting industry have heard of what it can do.If you are new to cPanel however, there are a few things that we would recommend that you do during the intial phase. Listed after the jump are 5 recommended initial setups for new cPanel users.

1. Get a Strong Password

Every user by default will get a username and password to login into the cPanel domain owner interface. The same login credential is applied to the default mysql database user, FTP account, email address and also system user login, which you can use to access the server remotely by using SSH (if the server administrator enables this feature).

Changing the cPanel login password is a critical first action. If someone is able to retrieve or guess your password, they will get all unwarranted privileges to the server, which is dangerous.

There are some cases where a valid user’s registered email account has been hacked into and taken over by a hacker. Inside the email Inbox was the login credential for his cPanel account. When the owner wanted to reset the password (which had been changed by the hacker), he had to contact the web hosting provider. The problem is he needed to use the registered email address for verification as the account owner; nothing can be done.

A good password practice should be applied to prevent this kind of problems. Some tips for password management best practice:

  • Change your password frequently
  • Avoid dictionary words
  • Avoid familiar items like birth date, vehicle registration number or phone number
  • Use a combination of letters, numbers and symbols
  • Use more than 8 characters
  • Do not ‘remember’ your password in the browser

2. Understand the server environment

Make sure you totally understand the server environment before use. Some key things which you need to know are the server operating system and architecture, kernel version, applications (cpanel,apache, php, mysql, perl) version, IP address and hosting package limitation. You can get this information on the main page which usually appears on the sidebar of the cPanel interface. A good hosting server should be run on the updated version of the kernel and applications under 64 bit architecture (x86_64).

Server Environment

The cPanel user should also check the cPanel Service Status (cPanel > Stats > Service Status). You can know how many CPUs are running on the server, total memory usage and also disk space status from here. Inspecting this feature will give you more information about the server’s real-time condition. Make sure all services are up and running as expected. A stable server should run at below 80% of disk usage and below 10% of swap; the server load average should be below 2 times the total number of CPU.

3. Check permission (File and directory)

cPanel users by default will get a home directory under /home/{username}. All files and directories under the user’s home directory should be run on respective permission and ownership. The most critical directory which should be run under correct permission and ownership is public_html. But, before we proceed with the checking, you should know how PHP is handled inside the cPanel server.

Create a phpinfo page under public_html. Access the page via browser and check the value of "Server API".

Server API

If the value is CGI/FastCGI, then the PHP handler is either suPHP, FastCGI or CGI. Most web hosting provider will use suPHP instead due to security verification and as it is the default handler for cPanel servers. Under this handler, PHP executed as a different process alongside Apache. All file permission should be run under 644, and directory permission, under 755. Permissions higher than this will result in "Internal Server Error" whenever the PHP script is executed.

Server API

If the value is Apache 2.0 Handler, then you are running PHP under DSO. This handler does not require strict file permission and ownership because the PHP file is totally being handled by Apache. But it is still recommended to have same permission practice as advised in CGI/FastCGI method.

You can use cPanel File Manager, FTP client or SSH access (if allowed) to fix the permission and ownership issue. Do not forget to delete the phpinfo page after the information that you want is retrieved.

4. Add some protection

Even though protection and security is totally under server administrator responsibility, cPanel users can take advantage of cPanel flexibilities in adding some protection to your website, domain and cPanel account.

Default Address Maintenance

Make sure Spam Assassin (cPanel > Mail > Spam Assassin) is enabled. Some web hosting provider do not enable this feature by default because newly registered domain usually do not receive many spam emails. Discard all unrouted email under Default Address (cPanel > Mail > Default Address) with error to sender at SMTP time. Do not use the "blackhole" or "forward to email address" options unless you really need it. Hackers can take advantage of these 2 features to create a DOS attack for the SMTP service.

FrontPage Extensions

Disable Frontpage if it is not used (cPanel > Advanced > FrontPage Extensions). Microsoft has discontinued FrontPage extension support for the Unix platform and recently many web hosting provider had observed severe intrusion attempts via FrontPage vulnerabilities.

Disable_functions

Check the PHP disabled_function using phpinfo page. Make sure all critical functions have been disabled inside the server. If not, create a php.ini file under public_html and add the following line:

disable_functions=exec, passthru, shell_exec,system, proc_open, popen, curl_exec, curl_m ulti_exec, parse_ini_file, show_source

Enable hotlink protection (cPanel > Security > Hotlink Protection) to prevent others from stealing your bandwidth. People might just link your image to their websites, making it part of their contents. Only allow your websites URL to access static contents like .jpg, .jpeg, .gif, .png and .bmp.

5. Notification and Monitoring

It is required to put a secondary email to receive notification by cPanel. By default, the user’s registered email will always be the primary contact. Under Update Contact Info (cPanel > Preferences > Update Contact Info), add a secondary email as a backup in case the primary email is unreachable.

Subscribe to any monitoring tools available online to monitor your website and domain availability. Even though some web hosting providers offer this service for free, you might need to have another external monitoring point for more accurate results. Make sure you configure the monitoring system to trigger and send alerts to your email so you will receive notifications immediately. Sites like http://www.monitor.us and http://www.siteuptime.com offer free monitoring tools based on geographical locations.

Conclusion

This article is not intended for new cPanel users only. It also serves as a reminder for those who already familiar with cPanel as well. By practising these best configuration practices it may help you to become a better and more responsible website/domain owner.

Author:

Ashraf is an xperienced LINUX/UNIX server administrator which focused on productivity and security in hosting services. He is currently working with an IaaS provider.

Advertisement