Web750 Support Articles and How-to guides:


cPanel guide to website and account security for web hosting account owners


Introduction:


In today's digital age, website and account security have become paramount concerns for businesses and individuals. With the ever-evolving landscape of online threats, safeguarding your website and the associated user accounts is a matter of protecting sensitive information and preserving the trust and reputation of your online presence.


This cPanel guide is dedicated to helping you navigate the intricate world of website and account security, equipping you with the knowledge and tools needed to fortify your digital assets against potential threats.


Hotlink Protection in cPanel


Hotlinking is when other websites directly link to your images, videos, or other resources, using your Server's resources and bandwidth. To prevent this:


Enabling Hotlink Protection


Log in to your cPanel account.


In the "Security" section, look for and click on the "Hotlink Protection" icon. Depending on your cPanel theme, it may appear under either the "Security" or the "Files" section.


On the "Hotlink Protection" page, you'll likely find an option to enable hotlink protection. Click on it to proceed.


Configure the settings as needed:


Define which file types (images, videos, etc.) should be protected.


Specify the URLs of websites allowed to hotlink your content (if any).


Optionally, you can customize the message displayed to users whose hotlink attempts are blocked.


Once you've configured the settings, save or apply the changes. Hotlink protection should now be active, blocking unauthorized hotlink attempts.


Disabling Hotlink Protection


If you wish to turn off hotlink protection, follow these steps:


Log in to your cPanel account.


Navigate to the "Hotlink Protection" section, following the same path you used to enable it.


Look for an option to disable hotlink protection or turn off protection.


Save the changes, and hotlink protection will be disabled. Other websites will be able to link directly to your content.


IP Deny Manager in cPanel


Using the IP Deny Manager in cPanel allows you to block specific IP addresses or ranges from accessing your website or Server. Here's how to use the IP Deny Manager:


Log in to cPanel: Access your cPanel account using your username and password.


Locate the IP Deny Manager: Depending on your cPanel theme, the IP Deny Manager might be found in different sections. Look for it under the "Security" or "Files" section. Click on the "IP Deny Manager" icon or link.


Add IP Addresses to Deny: In the IP Deny Manager interface, you will find a text field to enter IP addresses or ranges. Follow these steps:


To block a single IP address: Type the address into the box provided.


To block an IP range: If you want to block a range of IP addresses, use CIDR notation. For example, to block all IPs from 192.168.1.0 to 192.168.1.255, you can use "192.168.1.0/24".


You can add multiple IP addresses or ranges, each on a new line.


Add Comments (optional): You can add comments to help you remember why you blocked a specific IP address or range. Comments can be helpful for reference later.


Click "Add."


Confirm and Manage Blocked IPs: You should see a confirmation message indicating that the IP addresses have been added to the deny list.


Save Changes
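

Before saving CIDR entries like the one above, it is worth confirming that your own address is not inside any range you are about to deny. The script below is an added example, not part of cPanel or of the original guide; the function names, the one-entry-per-line file and the address 192.168.1.77 (standing in for your own admin IP) are assumptions.

```shell
#!/bin/sh
# Added example: lockout check for IP Deny Manager entries (not cPanel code).

# Convert a dotted-quad IPv4 address to a 32-bit integer; return 2 if malformed.
ip_to_int() {
    IFS=. read -r a b c d <<EOF
$1
EOF
    for o in "$a" "$b" "$c" "$d"; do
        case $o in ''|*[!0-9]*) return 2 ;; esac
        [ "$o" -le 255 ] || return 2
    done
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# Return 0 if address $1 is covered by deny entry $2 (single IP or CIDR).
ip_in_entry() {
    addr=$(ip_to_int "$1") || return 2
    case $2 in
        */*) net=${2%/*}; bits=${2#*/} ;;
        *)   net=$2; bits=32 ;;
    esac
    case $bits in ''|*[!0-9]*) return 2 ;; esac
    [ "$bits" -le 32 ] || return 2
    base=$(ip_to_int "$net") || return 2
    if [ "$bits" -eq 0 ]; then mask=0
    else mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF )); fi
    [ $(( addr & mask )) -eq $(( base & mask )) ]
}

# Print each entry in file $2 that would block address $1.
# Returns 0 when no entry matches (safe to save), 1 otherwise.
check_deny_list() {
    hit=0
    while IFS= read -r entry || [ -n "$entry" ]; do
        entry=$(printf '%s' "$entry" | tr -d ' \t\r')
        [ -z "$entry" ] && continue
        if ip_in_entry "$1" "$entry"; then echo "$entry"; hit=1; fi
    done < "$2"
    return "$hit"
}

# Constructed sample list, one entry per line as typed into the deny form.
SAMPLE=$(mktemp)
printf '%s\n' '192.168.1.0/24' '203.0.113.7' '198.51.100.0/22' > "$SAMPLE"
check_deny_list 192.168.1.77 "$SAMPLE" || echo "WARNING: this list blocks you"
```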


Checking Currently-Blocked IP Addresses:


In the IP Deny Manager:


Navigate to the "IP Deny Manager" or "IP Blocker" section in cPanel.


You will see a list of currently blocked IP addresses.


Unblocking an IP Address:


In the IP Deny Manager:


Locate the IP address you want to unblock in the list of currently blocked IPs.


Unblock the IP:


Click the "Delete" or "Unblock" button next to the IP address you wish to unblock.


Confirm:


Confirm the action if prompted.


Save Changes:


After unblocking the IP address, save your changes.


Leech Protection in cPanel


Leech protection prevents unauthorized access to files on your site by limiting the number of simultaneous logins from a single IP address. That can help prevent password sharing or unauthorized account usage.


Enabling Leech Protection


Log in to your cPanel account.


Find and click on the "Leech Protection" icon or link under the "Security" section.


Click the folder you want to secure to choose it.


Toggle the switch to enable leech protection for that directory.


Set the user threshold:


Define the maximum number of user logins from different IP addresses within a specified time frame.


Click the "Save" or "Apply" button to save the leech protection settings.


Disabling Leech Protection


Log in to your cPanel account.


Navigate to the "Leech Protection" section under the "Security" category.


Find the directory for which you previously enabled leech protection and click on it.


Toggle off the switch to disable leech protection for that directory.


Click the "Save" or "Apply" button to save the changes.


Managing Users in Leech Protection


Log in to your cPanel account.


Go to the "Leech Protection" section under the "Security" category.


Find and click on the directory with leech protection enabled.


Look for the list of users who have exceeded the defined threshold.


To manage users:


To suspend a user, click the "Suspend" button next to their name and specify the duration.


To remove a user, click the "Remove" or "Delete" button next to their name.


After managing users, click the "Save" or "Apply" button to save the changes.


SSH Access Control in cPanel


Limit SSH access to authorized users only. Disable direct root login and use SSH keys for secure authentication.


Here are the steps to implement SSH access control for enhanced security:


1. Log in to your Server:


Open a terminal or SSH client on your local machine and log in to your Server using SSH credentials.


2. Edit SSH Configuration:


Use a text editor such as nano or vim to edit the SSH configuration file:


sudo nano /etc/ssh/sshd_config


3. Disable Root Login:


Find the line `PermitRootLogin yes` and change it to:


PermitRootLogin no


4. Allow Only Authorised Users:


Locate the `AllowUsers` or `AllowGroups` directive. If it doesn't exist, add it. List the usernames or groups allowed to SSH:


AllowUsers username1 username2


5. Enable Public Key Authentication:


Ensure that public key authentication is enabled by finding the line `PubkeyAuthentication` and verifying it's set to:


PubkeyAuthentication yes


6. Generate SSH Key Pair:


On your local machine, generate an SSH key pair if you haven't already:


ssh-keygen


7. Copy Public Key to Server:


Copy your local machine's public key to the Server's authorized_keys file:


ssh-copy-id username@server_ip


8. Set Correct Permissions:


On the Server, set the correct permissions for the `~/.ssh` directory and authorized_keys file:


chmod 700 ~/.ssh


chmod 600 ~/.ssh/authorized_keys


9. Test SSH Key Authentication:


Try to SSH into the Server from your local machine. If your SSH key setup is correct, you should log in without a password prompt:


ssh username@server_ip


10. Restart SSH Service:


After making changes, restart the SSH service to apply the configuration:


sudo service ssh restart
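

A check worth running on the edited file before the restart in step 10, given as an added example that is not part of the original guide or of cPanel. sshd uses the first value it reads for each keyword, so a directive appended at the bottom is ignored when an earlier line already sets it. The function names and both sample files are constructed for illustration; Include files and the `keyword=value` form are not handled.

```shell
#!/bin/sh
# Added example: audit sshd_config against steps 3-5 above (not cPanel code).

# Print the global value sshd would use for keyword $2 in file $1.
# First occurrence wins, keywords are case-insensitive, and everything
# after the first "Match" line is conditional, so parsing stops there.
sshd_global_value() {
    awk -v want="$2" '
        /^[ \t]*#/ { next }
        { key = tolower($1) }
        key == "match" { exit }
        key == tolower(want) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# Return 0 only if the file reflects the hardening steps in this guide.
audit_sshd_config() {
    rc=0
    root=$(sshd_global_value "$1" PermitRootLogin)
    pubkey=$(sshd_global_value "$1" PubkeyAuthentication)
    users=$(sshd_global_value "$1" AllowUsers)
    groups=$(sshd_global_value "$1" AllowGroups)
    [ "$root" = "no" ] || { echo "FAIL PermitRootLogin=${root:-unset}"; rc=1; }
    # PubkeyAuthentication defaults to yes when the keyword is absent.
    [ "${pubkey:-yes}" = "yes" ] || { echo "FAIL PubkeyAuthentication=$pubkey"; rc=1; }
    [ -n "$users$groups" ] || { echo "FAIL no AllowUsers or AllowGroups"; rc=1; }
    return "$rc"
}

# Constructed samples. In BAD, "PermitRootLogin no" was appended at the end,
# but the earlier "yes" is the value sshd would actually apply.
BAD=$(mktemp); GOOD=$(mktemp)
printf '%s\n' '# constructed sample' 'Port 22' 'PermitRootLogin yes' \
    'PubkeyAuthentication yes' 'AllowUsers username1 username2' \
    'PermitRootLogin no' > "$BAD"
printf '%s\n' 'PermitRootLogin no' 'PubkeyAuthentication yes' \
    'AllowUsers username1 username2' > "$GOOD"
audit_sshd_config "$BAD" || echo "fix the file before restarting sshd"
audit_sshd_config "$GOOD" && echo "OK: run 'sudo sshd -t', then restart"
```

`sshd -t` checks the configuration file for syntax errors without restarting the service; keep your current SSH session open until a new login succeeds.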


Conclusion:


In this comprehensive cPanel guide to website and account security, we have covered many strategies, best practices, and tools to help you protect your online presence. From securing your website with robust passwords, SSL certificates, and web application firewalls to implementing essential security measures within your cPanel account, you are now armed with the knowledge to defend against various cyber threats.


Staying vigilant is essential, as security is a continual process. Regularly updating your software, monitoring your website for vulnerabilities, and educating yourself and your team about the latest security threats will help you stay one step ahead of potential attackers. By making security a top priority and following the guidelines in this guide, you can protect your website and accounts and earn your users' trust, ensuring a risk-free and enjoyable online experience for everyone.

