The internet is a hostile environment, and your web hosting servers face innumerable threats from bad actors who want to steal data and exploit server resources. CentOS is a stable and secure foundation, but it is not invulnerable. Configuration mistakes, software vulnerabilities, and poor Linux security practices can open the door to bad actors and malicious bots.
cPanel & WHM includes many Linux security tools that help server administrators to build a secure hosting environment. In this article, we’re going to look at four techniques that leverage cPanel and WHM to enhance Linux server security.
- Changing the SSH port to confuse bad bots.
- Implementing SSH keys to avoid security vulnerabilities caused by weak passwords.
- Automatically blocking brute-force attacks with cPHulk.
- Leveraging cPanel Security Advisor to mitigate common Linux security problems.
We’re focusing on server-level security, so you will need access to your server’s root account, both in WHM and on the command line via SSH.
How To Change the SSH Port in cPanel
SSH (Secure Shell) is an encrypted network protocol that keeps authentication credentials and data safe when you connect to your server’s shell. The server runs an SSH service, and a client on your local device connects to it. Communication between them is encrypted so eavesdroppers can’t see sensitive data traveling over the network.The SSH service traditionally listens for connections on port 22, so bots target that port with brute-force attacks that attempt to guess a valid username and password. Even if users choose long and hard-to-guess passwords—which is not always the case—brute-force attacks can generate a vast number of failed login attempts that waste server resources.Changing the port number confuses unsophisticated bots. If they can’t find the port, they can’t attempt to log in. A Linux server has 65535 (27) available ports. You should avoid 0–1023—the so-called well-known ports, including SSH’s 22—but you are free to choose between 1024–65535.Before you begin, be sure to configure your firewall to allow connections on the new port. Otherwise, it will block SSH connections, and you won’t be able to log in.Log in as root with SSH and open the /etc/ssh/sshd_config file in your preferred text editor.
nano /etc/ssh/sshd_config
Find the line that reads:
#Port 22
Delete the pound sign at the beginning of the line and change the 22 to your new port.
Port 32356
Save and close the SSH configuration file. Finally, restart the SSH service:
/scripts/restart_ssh