BuycPanel Blog

BuycPanel Blog

Latest news and updates

How to Protect Your cPanel and Servers From Malware

Posted by Allen on 24 05 2017.

Don’t be a victim of Malware. Do you know that Google bans thousands of infected websites a day. These websites are infected with malware and phishing mechanisms. It’s not that the website owners are malicious, they are also victims. Although, Google will not hesitate to ban or mark down your website even if you are the victim.

Since compromised websites are like zombies. They stumble and hobble along not knowing that they are infected. They become the vector for credit card theft, identify theft, and a whole host of other nefarious botnet-like activities.

If you are a professional website host or if you are a website owner you need to protect yourself from malware. Here are a few things you can do to protect your cPanel and servers from malware.

 

Strengthen Weak Passwords 

 

Sometimes the most vulnerable side of our security are passwords. Weak passwords can be cracked easily by a determined hacker.…

Don’t be a victim of Malware. Do you know that Google bans thousands of infected websites a day. These websites are infected with malware and phishing mechanisms. It’s not that the website owners are malicious, they are also victims. Although, Google will not hesitate to ban or mark down your website even if you are the victim.

Since compromised websites are like zombies. They stumble and hobble along not knowing that they are infected. They become the vector for credit card theft, identify theft, and a whole host of other nefarious botnet-like activities.

If you are a professional website host or if you are a website owner you need to protect yourself from malware. Here are a few things you can do to protect your cPanel and servers from malware.

 

Strengthen Weak Passwords

 

Sometimes the most vulnerable side of our security are passwords. Weak passwords can be cracked easily by a determined hacker. More so, if they are using bots to crack your passwords. Just imagine what malicious stuff bad people can do if they have access to your server.

So at the end of the day, you need to practice better password hygiene. You can use long passphrases or a combination of uppercase and lowercase letters, numbers, and symbols. It won’t hurt to use password managers as well.

 

Update Your Themes, Add-ons & Plugins

 

It’s ridiculous how some webmasters let old plugins as is. However, there is a reason for that. First reason is that they don’t want their website to break when they update. But that is not the best reason if the flipside is compromising your server with malware.

The simple act of updating your plugins and add-ons helps a whole lot with security. Updated plugins means any security vulnerability has been patched or remedied. If you want to leave old plugins then you should have heavy duty anti-malware and intrusion detection software installed. In any case, you should have both anti-malware and intrusion detection installed anyway.

 

Protect Your FTP, Web App, and Control Panel Uploading Capability

 

If you can’t outright block uploading to FTP, your web app, or control panel, then you should take security measures to protect it from being used by others. Protect yourself with antivirus software and configure your cPanel in such a way that changes in critical files are tracked.

Make sure you configured your cPanel to alert you in case files in the server are uploaded, changed, or removed. There are various software like ClamAV to help you secure files and make sure that no malicious code is being injected.

Having a rootkit guard like RKHunter is also a great way to protect your server from malware. It does so by plugging backdoors and other exploits in your server.

Turn On ConfigServer Security & Firewall

 

You can turn on ConfigServer Security & Firewall to make sure that your server is not easily accessible from the outside. With the firewall on, you don’t need to worry about unwanted connections from the outside.

If there is no turnkey solution for a firewall in your server, you just need to go use the command line and wget csf.tgz, unzip it, and execute the script that you have unzipped.