As (in)secure as WHM/cPanel? Topic is solved
As a SaaS running PHP websites only, I found cPanel to be too bloated. We offer no DNS, mail or even client access to files or database, but only the websites.
What I liked about cPanel was that I was guided through good security practice through, for example, the Security Advisor.
How can I secure my PHP websites as well as possible? Also, how can I make the server itself more secure?
Or am I safe with a standard Vesta installation?
I use nginx + PHP-FPM on Debian 9. I run each website under a separate user.
Re: As (in)secure as WHM/cPanel?
You can enable open_basedir, and you can disable functions.
But I think the best security is to keep your code updated and not use unmaintained third-party software, and you will run well.
You can have a secure server, but with some pirated plugin/theme in your sites you will be hacked anyway.
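An added example, not part of the reply above or of VestaCP: a small audit of PHP-FPM pool definitions for the three controls mentioned so far in the thread (one user per site, open_basedir, disabled functions). The pool names, users and paths are constructed sample values, and the `RISKY` list is an assumed baseline rather than a complete one.

```python
# Added example: audit PHP-FPM pool config text. All sample values are constructed.
import re
# Assumed baseline of command-execution functions to disable; adjust per application.
RISKY = {"exec", "passthru", "shell_exec", "system", "proc_open", "popen"}

SAMPLE = """\
[site1]
user = site1
php_admin_value[open_basedir] = /home/site1/web:/home/site1/tmp
php_admin_value[disable_functions] = exec,passthru,shell_exec,system,proc_open,popen

[site2]
user = site1
php_value[open_basedir] = /home/site2/web
php_admin_value[disable_functions] = exec,system
"""

def parse_pools(text):
    """Return {pool_name: {key: value}} from PHP-FPM pool config text."""
    pools, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            current = pools.setdefault(header.group(1), {})
        elif current is not None and "=" in line and not line.startswith(";"):
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return pools

def audit(text):
    """Return sorted (pool, finding) tuples for the checks discussed in the thread."""
    findings, seen_users = [], {}
    for name, cfg in parse_pools(text).items():
        user = cfg.get("user", "")
        if user in ("", "root"):
            findings.append((name, "no dedicated unprivileged user"))
        elif user in seen_users:
            findings.append((name, f"shares user with pool {seen_users[user]}"))
        seen_users.setdefault(user, name)
        # php_admin_value cannot be overridden by ini_set() in site code; php_value can.
        if "php_admin_value[open_basedir]" not in cfg:
            findings.append((name, "open_basedir not locked with php_admin_value"))
        disabled = {f.strip() for f in cfg.get("php_admin_value[disable_functions]", "").split(",")}
        missing = sorted(RISKY - disabled)
        if missing:
            findings.append((name, "not disabled: " + ",".join(missing)))
    return sorted(findings)

if __name__ == "__main__": print(*audit(SAMPLE), sep="\n")
```
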
Re: As (in)secure as WHM/cPanel?
Those are some good points.
1. However, I was wondering: do I currently have better security with my cPanel-account websites than what I would get with similar VestaCP-account websites?
If so, what can I do to have similarly good or even better security with Vesta?
2. What ports should I have open when I want to host PHP + MySQL websites with HTTP and HTTPS, as well as being able to access the Vesta GUI and SSH? I will use Let's Encrypt to automatically sign certificates. And I will use PHP mail to send emails. I guess neither PHP mail nor MySQL needs any external ports?
- TCP: 22, 80, 443, 8083?
(I do not need FTP, POP/SMTP/IMAP, webmail or DNS)
Re: As (in)secure as WHM/cPanel?
Security is not a product, but more of a process.
It's an ongoing thing, not just a one-time fix.
So, you cannot really measure 'security'.
Re: As (in)secure as WHM/cPanel?
Sure, but I'm wondering how to harden the websites/server in the initial setup.
1. PHP-FPM is more secure than other PHP handlers. (?) - if one site/user home directory is compromised with some bad PHP file, the whole server is not at risk.
2. I should open only the necessary ports. What ports? See my last reply.
3. Should I install some malware scanner on the server? Fail2ban? Some other useful tools/modules to monitor/improve/fix security?
4. Should I disable root SSH?
Something else?