Published on: November 2, 2018 by Andy Robert
New malware emerges on the internet daily. It takes many forms, such as viruses and trojans, which can harm the data on your servers. Any organization that has a web presence will be concerned about its server security. We have to apply uncompromising security measures to secure confidential data; hence, we are always searching for new security methods to protect the servers. Here I explain 3 plugins which enhance the security of a cPanel server.
Rootkit Hunter, aka RKHunter, is a Unix-based tool that protects our server from a type of malware called a rootkit, which is secretly installed by malicious intruders. Once it is installed, they can maintain access and have full control over the server. RKHunter prevents this by scanning the machine and comparing it with a database of known rootkits, and closes all possible ways for further attacks. RKHunter also helps to scan for other exploits such as backdoors, e-mail injection, buffer overflows and format string bugs. Linux distributions such as CentOS, Fedora, Ubuntu and Red Hat, and BSD distributions from BSD 4 to BSD 8, are supported by RKHunter. It works on the types of rootkits that can access the application level, kernel level, hypervisor level, library level and hardware/firmware level.
ConfigServer Security and Firewall, also known as CSF, is another effective tool to protect servers from malware attacks and third-party intrusions. It is a script that lets server admins block public access to services and allow only certain connections, such as logging in to FTP, checking email, or loading your websites. It is user-friendly and has an advanced interface. It also lets you manage the IP blacklist and whitelist manually. CSF comes with a service called Login Failure Daemon, or LFD, which monitors in real time and blocks IPs automatically. If it finds multiple login failures from the same IP address, that IP is immediately blocked temporarily from all services on your server. Later, these blocks are removed automatically, or they can be removed manually through the ConfigServer interface in WebHost Manager.
This cPanel plugin, LMD, is designed to detect security threats in a shared hosting environment. We can run it in the background, where it scans for and detects currently active security threats and generates signatures for future use. The signatures that LMD uses are MD5 file hashes for quick detection and HEX pattern matches for identifying threat variants. They are also easily exported to any number of detection tools such as ClamAV. By using this plugin, users can also submit threat data, which will be systemized and removed from the shared hosting community.
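The difference between the two signature types described above, shown as an added example (this is not LMD's own code): an MD5 signature only matches the exact file, while a HEX pattern still catches a modified variant. The sample byte strings, signature names and in-memory layout are constructed assumptions; the export step renders the same signatures as ClamAV `.hdb` and `.ndb` lines.

```python
import hashlib

# Constructed, harmless byte strings standing in for a known sample, a
# modified variant of it, and an unrelated clean file.
KNOWN = b"<?php $k='EXAMPLE-MARKER-7f3a'; handler($k); ?>"
VARIANT = b"<?php /* repacked */ $k='EXAMPLE-MARKER-7f3a'; handler($k); ?>"
CLEAN = b"<?php echo 'hello'; ?>"

# Simplified in-memory signature sets (hypothetical names, not LMD's own files).
MD5_SIGS = {hashlib.md5(KNOWN).hexdigest(): (len(KNOWN), "Example.Known.1")}
HEX_SIGS = {b"EXAMPLE-MARKER-7f3a".hex(): "Example.Family.Generic"}


def scan(data: bytes):
    """Return (method, signature_name) for the first match, or None."""
    digest = hashlib.md5(data).hexdigest()
    hit = MD5_SIGS.get(digest)
    if hit and hit[0] == len(data):      # exact file: hash and size both agree
        return ("md5", hit[1])
    for hex_pattern, name in HEX_SIGS.items():
        # Compare raw bytes so a match can never start mid-byte in the hex text.
        if bytes.fromhex(hex_pattern) in data:
            return ("hex", name)
    return None


def export_clamav():
    """Render both sets in ClamAV's text formats (.hdb and .ndb lines)."""
    hdb = [f"{md5}:{size}:{name}" for md5, (size, name) in MD5_SIGS.items()]
    # .ndb fields: name:target_type:offset:hex ; 0 = any file, * = any offset
    ndb = [f"{name}:0:*:{pattern}" for pattern, name in HEX_SIGS.items()]
    return hdb, ndb


if __name__ == "__main__":
    for label, blob in (("known", KNOWN), ("variant", VARIANT), ("clean", CLEAN)):
        print(label, scan(blob))
    print(export_clamav())
```

The variant changes the file's MD5, so only the HEX pattern reports it; that is why hash signatures are the fast path and pattern signatures cover threat variants.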
Securing the network environment against privacy spoofing, information theft and the like should be a high-priority responsibility for us. Using the plugins mentioned above along with SSL, constant monitoring and regular backups will keep our data safe and secure.