{"id":67,"date":"2019-05-15T12:09:36","date_gmt":"2019-05-15T12:09:36","guid":{"rendered":"https:\/\/www.pcubelive.com\/blog\/?p=67"},"modified":"2019-05-15T12:24:05","modified_gmt":"2019-05-15T12:24:05","slug":"how-to-secure-a-cpanel-account-from-hackers","status":"publish","type":"post","link":"https:\/\/www.pcube.tech\/blog\/how-to-secure-a-cpanel-account-from-hackers\/","title":{"rendered":"How To Secure A cPanel Account From Hackers"},"content":{"rendered":"

In an effort to help improve the security on the servers we encourage clients to follow some of our best practices. Please keep an email address where you can be reached for important system notifications like disk quota warnings, change of preferences, external logins, password changes, and more.<\/p>\n

 <\/p>\n

Here are some security tips for improve your cPanel account security.<\/p>\n

    \n
  1. Completely and correctly scanning your computer for viruses and other malware like Trojan horses, rootkits, spyware, adware, worms, etc. Make sure that you have up to date Spyware \/ Malware \/ Anti Virus protection on any computer that connects to the site via FTP and SSH. Run a scan on these machines and fix whatever issues arise.<\/li>\n
  2. Permission is very role in cpanel security. Permission used to specify which particular person may or may not have access to file or directory. Incorrect file permissions can cause errors or even worse, allow unauthorized users to hack your site. Once an unauthorized user gains access, they can further alter more of your file permissions to make a site even more vulnerable.<\/li>\n<\/ol>\n

    Folders<\/strong> \u2013 755<\/p>\n

    Files<\/strong> \u2013 644<\/p>\n

    Remember that 777<\/em> permissions means that your file is readable, writeable and executable by the “world”. This is not common, as it is a rare situation where a file needs to be written and executed by the “world.” If you find files or folders with permissions that do not match the default permissions, it’s usually best to change them to the above recommended permissions.<\/p>\n

     <\/p>\n

      \n
    1. Change all FTP user account passwords. Make sure the passwords you reset are secure. Use upper and lower case lettering and numbers.<\/li>\n<\/ol>\n
        \n
      • Log into cPanel.<\/li>\n<\/ul>\n

        \"\"<\/p>\n

          \n
        • Select FTP Accounts<\/em> under the Files<\/em> section of cPanel.<\/li>\n<\/ul>\n

          \"\"<\/p>\n

            \n
          • Select “Change Password<\/em>” in the Actions<\/em> column beside the FTP account that needs a password reset.<\/li>\n<\/ul>\n

            \"\"<\/p>\n

              \n
            • Type in your new password and click “Change Password<\/em>“.<\/li>\n<\/ul>\n

              \"\"<\/p>\n

              4. Make sure that allow_url_include, fopen, and register_globals are set to \u201coff\u201d within any customized php.ini files you have within your account. Also make sure you have included insecure functions within the disable_functions list. This only applies if you are running PHP applications within your account.<\/p>\n

              5. Update any applications you are running to the latest stable versions. If you are running a CMS, such as Joomla, WordPress, or Drupal, I recommend checking to make sure it and any plugins\/Addons are fully updated as security exploits may have been fixed by the developers. If any security patch install in the website. Newer versions will contain security patches for known exploits within that application. This also applies to any 3rd party plugins themes and application versions you are running for these applications.<\/p>\n

              6. Backups is one of the most important parts of having a working website. It is crucial to backup your files on a regular basis or just before making any substantial changes so that a backup is available in the event of data . Make frequent personal backups, and make sure that your backups are not infected with malicious code. That way you can easily restore files if you need to.<\/p>\n

               <\/p>\n

              Preforming your account backup.<\/p>\n

                \n
              • Login to your cPanel.<\/li>\n<\/ul>\n

                \"\"<\/p>\n

                  \n
                • Click the Backup wizard button in the Files section of cPanel.<\/li>\n<\/ul>\n

                  \"\"<\/p>\n

                    \n
                  • In the Full Backup section, click the Download a Full Website Backup button.<\/li>\n<\/ul>\n

                    \"\"<\/p>\n

                      \n
                    • On the next screen make sure the Home Directory option is selected.<\/li>\n<\/ul>\n

                      \"\"<\/p>\n

                        \n
                      • If you want an email notification when the backup completes, enter your email address.<\/li>\n<\/ul>\n

                        \"\"<\/p>\n

                          \n
                        • Click the Generate Backup buton to begin the Full cPanel Backup.<\/li>\n<\/ul>\n

                          \"\"<\/p>\n

                           <\/p>\n

                            \n
                          • This will generate the back up for you and place the tar.gz file inside of your home directory. You can then download the backup via cPanel, FTP or SSH.<\/li>\n<\/ul>\n

                             <\/p>\n

                            7. Time to time Check all administrative areas of your sites. Make sure they are all password protected. Sometimes hackers remove this protection which can lead to easy entry later.<\/p>\n

                            8. Time to time Check your applications for new Administrative user accounts that hackers may have setup as back doors. Remove any and all suspicious user accounts. If any suspected user entry found then remove the suspected user entry.<\/p>\n

                             <\/p>\n

                             <\/p>\n

                             <\/p>\n","protected":false},"excerpt":{"rendered":"

                            In an effort to help improve the security on the servers we encourage clients to follow some of our best practices. Please keep an email address where you can be reached for important system notifications like disk quota warnings, change of preferences, external logins, password changes, and more.   Here are some security tips for […]<\/p>\n","protected":false},"author":7,"featured_media":79,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[3],"tags":[],"_links":{"self":[{"href":"https:\/\/www.pcube.tech\/blog\/wp-json\/wp\/v2\/posts\/67"}],"collection":[{"href":"https:\/\/www.pcube.tech\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.pcube.tech\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.pcube.tech\/blog\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/www.pcube.tech\/blog\/wp-json\/wp\/v2\/comments?post=67"}],"version-history":[{"count":1,"href":"https:\/\/www.pcube.tech\/blog\/wp-json\/wp\/v2\/posts\/67\/revisions"}],"predecessor-version":[{"id":78,"href":"https:\/\/www.pcube.tech\/blog\/wp-json\/wp\/v2\/posts\/67\/revisions\/78"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.pcube.tech\/blog\/wp-json\/wp\/v2\/media\/79"}],"wp:attachment":[{"href":"https:\/\/www.pcube.tech\/blog\/wp-json\/wp\/v2\/media?parent=67"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.pcube.tech\/blog\/wp-json\/wp\/v2\/categories?post=67"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.pcube.tech\/blog\/wp-json\/wp\/v2\/tags?post=67"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}