Opting for a cloud server versus a cPanel-managed VPS means greater control over your Linux operating system (OS). While you can modify Cloud Server DNS records in Account Management Panel (AMP), it’s your responsibility to implement further security measures. While cPanel administrators use Web Host Manager (WHM) features to harden servers, you’ll need to install necessary software once you upgrade to a cloud server.
This starts with ensuring you select the right server OS for your needs.
- Are you used to managing cPanel with RPMs and CentOS commands? Maybe stick with CentOS.
- Do you need the latest features and software versions – stable or not? Check out Ubuntu.
- Do you prioritize stability and minimalism? Try Debian.
You can re-OS your cloud server at any time with with InMotion Cloud Server Hosting.
Configure a Firewall
Some OSs don’t include a preinstalled firewall application. Check to see if UncomplicatedFirewall (UFW) or Firewalld are installed. If not, install one of them, or ConfigServer Security & Firewall (CSF), and only open the ports you need.
Whether you’re running Apache or Nginx, install ModSecurity for additional signature-based protection.
If you have a complex server environment requiring many open ports, consider using Nmap to audit your setup.
Secure SSH
While configuring your firewall, consider changing your default SSH port from 22 to protect against brute force SSH login attacks. Also, create a regular user account so that you’re not using root access unless needed. In many cases, it’s better to use the normal user account and sudo
when administrator privileges are required. This makes access log auditing easier by minimizing the expected activity for the root user account.
Install an SSL Certificate
cPanel servers rely on AutoSSL to maintain Comodo-signed, domain-validated (DV) SSL certificates. Without server management software, you’ll need to manage SSLs manually or with external tools. There are many websites that will create SSL for you (e.g. SSLforFree.com) but we cannot speak for their reputation. We recommend installing Certbot to produce and automate SSLs. Then ensure all traffic is forced to port 443 (HTTPS).
Security HTTP Headers and Subresource Integrity (SRI)
Security HTTP headers and SRI assist your SSL with protecting your visitors privacy and from cross-site scripting (XSS). Start with Strict-Transport-Security (HSTS) to enforce SSL usage within browsers and Referrer-Policy to sterilize user input to analytics software. Then slowly work on Content-Security-Policy (CSP).
Submitting your website for preloading at Hstspreload.org isn’t required or recommended for websites that aren’t pro-actively maintained. It’s still a good practice to use the web application to check your HSTS header.
Backups
You can maintain server snapshots in AMP. However, you cannot restore individual files from a snapshot. Therefore, create and verify server backups at least monthly. We’ve covered how to create backups using the tar and zip commands. If you use Webmin, Vesta Control Panel, or another server management suite, learn how to create, verify, and download server backups manually and automatically. The redundancy ensures you always have a way to create and restore backups.
Cloud Server Updates
Ensure all installed software is updated. If any software you use can’t alert you of available of updates via email or log entry, follow the developer’s official social media account(s) or RSS feed. If you need assistance with upgrading your server OS, contact Managed Hosting.
DNS Security
Add Domain Name System Security Extensions (DNSSEC) to your server, or enable DNSSEC with Cloudflare, to validate your websites to internet users with secure DNS resolvers.
Do your authoritative nameservers and domain top level domain (TLD) support DNSSEC? InMotion Hosting nameservers and a long list of popular TLDs support DNSSEC including .com, .net, and .org. Contact your domain registrar for more information.
Consider an Anti-Virus Scanner
Does your web application allow users to upload files? If so, you should have an AV scanner check those files for malware signatures upon upload and periodically afterwards as changes occur. We recommend ClamAV or ImunifyAV FREE.
Training
There are many free cybersecurity training platforms and vulnerability assessment tools available to help you learn more about securing your website, or Linux in general.
I recommend starting with cybersecurity awareness training from DoD Cyber Exchange.
Technical Support
Managed Hosting specializes in custom server-level configurations and optimizations. Ask Live Support about Launch Assist to help you get started and your allotted Managed Hosting time.
Community Support Center is the place to engage the community for support, alternatives, and additional assistance. Remember, the forum is not a live chat support medium and InMotion administrators do not have access to your hosting account. For immediate assistance with support and billing, contact our 24/7 Live Support.
Learn more from our Cloud Server Hosting Product Guide.
If you don’t need cPanel, don't pay for it. Only pay for what you need with our Cloud VPS solutions.
CentOS, Debian, or Ubuntu No bloatware SSH Key management made easy
Comments
It looks like this article doesn't have any comments yet - you can be the first. If you have any comments or questions, start the conversation!