VPS LAMP with Cpanel
-
bb
MemberHi,
I will like to know what exactly or specifically does one need to secure or monitor after successfully installing a LAMP with Cpanel on a new VPS server?
I mean when all setup is done and Cpanel is used as control panel, isn't everything else easy to do. I mean except for security updates and some server monitoring if the server is down. What other things need to be done.
Also hosting companies that claim they manage your server yet they don't even perform any security updates, they use the oldest web server, OS and everything else.
So my question is when i setup a secure LAMP with Cpanel. Shouldn't my life be easier or shouldn't administering the VPS server be easy thing for a linux noob?
Thanks in advance for your help and contribution.
Posted 1 year ago # -
bb .. cpanel or not makes no difference to security. In fact cpanel, used exclusively, limits the security options you have with the terminal. (IMHO, webmin is far better anyway, if you really want a CP.)
re. Apache security, this site doesn't yet but does plan to cover it. in fact I've just written a book with 3 chapters about securing Apache, publishing March. I'll be adding some corresponding tutorials here.
"So my question is when i setup a secure LAMP with Cpanel. Shouldn't my life be easier or shouldn't administering the VPS server be easy thing for a linux noob?"
if you're asking if cpanel helps security, no. with your time, yes (in the short term). otherwise, how easy is VPS admin is highly subjective .. if the server is set up right, ie using my LAMP script here, you have covered more than most of the bases but people will still try to hack you, you still need to peruse logs and so on.
there is no question, bb, that there are a lot of security issues - particularly with apache setups - that need addressing here at vpsB (which generally favors Nginx for most uses) and it is my intention to make inroads into this wide area.
Posted 1 year ago # -
bb
Memberits hard to believe webmin is better than Cpanel. Cpanel is like the best control panel around with dedicated development work on it. Opensource project being more secured than an enterprise project is hard to conclude IMHO
Also about hackers, i mean as long as passwrods are kept hyperstrong and some monitoring is in place.
Again i asked for the specifics monitoring needed like
1. check logs
2. update OS monthly, yearly etc?
stuffs like this is what makes a noob really learnThanks in advance
Posted 1 year ago # -
well, cpanel is a bit like windows .. pretty. webmin is way more functional. (to be fair, windows 7 is a decent product, so not bad after 25 years.)
you may like to read the control panel guides:-
Nginx Control Panel: Here’s the Deal
Nginx Control Panel Workarounds .. yes, Nginx but pretty generic info.
"Again i asked for the specifics monitoring needed like
"1. check logs
"2. update OS monthly, yearly etc?
"stuffs like this is what makes a noob really learn"what you have written is the mainstay (but update weekly to be safe), along with backup, possibly a web application firewall and implementing an intrusion detection system .. depending on your requirements.
did you use the LAMP script?
Posted 1 year ago # -
bb
MemberI still dnt get the idea that webmin is better than Cpanel.
Who else agrees with this?
I mean when microsoft wasn't good enough, that doesn't mean an open source or linux was better.Maybe if you talk about having control and all that yes but when it comes to using a control panel i can bet my money Cpanel will crush any control panel out there; all features compared and included.
Posted 1 year ago # -
hmmn .. LOL .. just IMHO :)
(don't get me started on Windoze .. 7 is good tho .. not bad after 20+ years!)
(flamewars R us :) )
Posted 1 year ago # -
to be honest, bb, I'm not 'up' on Plesk.
tell me, are you a web host? If so .. and I should have said this above .. then I understand this changes things for you.
.. whatever are ones views about cPanel (and I understand Plesk is about their main competition, no?) if you are offering hosting then, sure, it would be a good idea to offer a relatively household name CP .. Webmin, while remarkably extendable, is not pretty when you're selling. .. a quandary!
Damn .. now this bible needs a special CP section too .. blimey :P
Posted 1 year ago # -
bb
MemberNah i am not a web host
I just happen to host many websites like lets say 20 websites, so i am looking for a great way to have root access to a powerful VPS that i can easily manage as a server admin noob, thats all.
I am currently using a managed VPS host with root access and Cpanel and its been so great really, but i am planning migrating to another VPS unmanaged with Plesk, so thats why i am asking for your recommendation.
Also since i will be moving to unmanaged VPS, thats why i really need to know how to be able to have security, firewall and monitor my website to be able to keep me asleep at nights :)
So yes, now you know what i want.
Posted 1 year ago # -
Glenn Kelley
MemberI have used both Plesk and cPanel.
There is a reason why cPanel has a ton more installs - even though both are products with long shelf life (meaning they have been around for quite some time)Plesk in short is a dog.
It is not as clean to use - so if you want a control panel - spend the $15 for the cpanel vps license per month - it will be well worth your time.If your a npo (non profit organization) they will charge a 1 time $30 fee instead and then you have it for life :-)
I have moved from plesk- gone back a few times and always have had regrets trying them again
Posted 1 year ago # -
Glenn Kelley
Memberps - I like webmin as well - however for someone who is new - and is not a server admin - cPanel with a few plugins will make for a great system.
For example - run over to http://www.ConfigServer.com and grab the csf firewall - dont worry it is free
That little script will do a ton for you in helping you lock down the box.
BUT LIKE ANYTHING ... IT IS NOT BULLETPROOF
if you are stuck hire someone - maybe even gunvr ;-)
Posted 1 year ago # -
big cheers Mr Kelley :)
.. totally agree about the CSF firewall .. for those wanting something more easily configurable than regular iptables - with easily implemented allow/deny rules for example and things like email reports (and even a security scanner) - this is a superb piece of soft. (CSF also has a Webmin module, doncha know)
bb .. your stack is LAMP, I am guessing (were it LEMP we'd not be discussing cPanel or Plesk at all, they aren't fully compatible) .. in your shoes, from what you say, I'd definitely play with Webmin.
one thing about any panel .. and this includes for dashboards like phpMyAdmin ..
.. bear in mind that it is one more thing to be brute force hacked. (Less is more.)
There are things to do to secure it but the simplest thing of all is to add a
deny allrule (excepting yourself) in your default virtual host. (This should be done for site admin areas too.).. you may be thinking, but what about my
dynamicIP address? Yes, you'll have to log into the server backend every now and then and tease the allowed IP address/es .. well worth the hassle.I'm on a roll so here's the code and an idea of where it lives (so that's in the default vhost location block):-
location / { root html; #more spiel n stuff #START ALLOW/DENY RULES location /someDashboard { allow 123.45.67.890; deny all; } location /anotherDashboard { allow 123.45.67.890; deny all; } #END NEW RULES, close original block }Bulletproof now? No .. IP's can be spoofed but that will protect against the majority of hackers (brute force bots).
EDIT: er, that's a LEMP directive but the principle is the same for LAMP!
Posted 1 year ago #
Reply
You must log in to post.
Want HTML?
a blockquote code em strong ul ol liPlace code between backticks `codeHere`
You've got it.