Adding SPF records for a user via SSH in Cpanel servers
SPF (Sender Policy Framework): A feature that allows a recipient server to verify that an email message has really been sent from the domain specified in the From: field. Enabling SPF can prevent your server from receiving replies to spam that has forged your domain name as part of the sender’s address. SPF only works if both the sending and receiving mail servers have SPF enabled.
Login to your cpanel server as root user.
/usr/local/cpanel/bin/spf_installer USERNAME
SSH Security On cPanel Servers.
1. Change SSH port number.
Edit your ssh configuration file under /etc/ssh/sshd_config and add/replace this line:
# What ports, IPs and protocols we listen for
Port 22
2. Allow only the IP’s that you would like to have access to SSH through your firewall.
iptables -A INPUT -i eth0 -s 192.168.1.1 -p tcp –dport 22 -j ACCEPT
3. Use a utility like BFD, BlockHosts and DenyHosts
denyhosts - a utility to help system admins thwart ssh crackers
4. Use iptables to limit the rate of incoming connections to SSH.
iptables -I INPUT -p tcp –dport 22 -i eth0 -m state –state NEW -m recent –update –seconds 60 –hitcount 4 -j DROP
This will limit incoming connections to port 22 to no more than 3 attempts in a minute. Any more will be dropped.
Running Multiple MySQL Servers on Linux
The easiest way is to run multiple MySQL servers on Linux is to compile them with different TCP/IP ports and Unix socket files so that each one is listening on different network interfaces. Compiling in different base directories for each installation also results automatically in a separate, compiled-in data directory, log file, and PID file location for each server.
Assume that an existing 5.0.19 server is configured for the default TCP/IP port number (3306) and Unix socket file (/tmp/mysql.sock). To configure a new 5.5.4 server to have different operating parameters, use a configure command something like this:
# ./configure –with-tcp-port=port_number \
–with-unix-socket-path=file_name \
–prefix=/usr/local/mysql-5.5.4
Here, port_number and file_name must be different from the default TCP/IP port number and Unix socket file path name, and the –prefix value should specify an installation directory different from the one under which the existing MySQL installation is located.
Reference: http://dev.mysql.com/
Using hardening tools Suhosin in Cpanel Servers for PHP
The Suhosin extension “was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core.”
Reference : http://www.hardened-php.net/suhosin/
Perhaps more importantly, the Suhosin community would be an excellent starting point for learning about flaws in PHP, as well as other extensions, configurations, and techniques you can use to protect your server.
Since many popular scripts are not compatible with Suhosin’s restrictions, you need to test it before moving to production.
What is dnsadmin in Cpanel Servers
DnsAdmin is a GPL development project to create a set of programs to manage dns information.
Support is included for bind and djbdns.
dnsadmin is a set of programs that helps manage DNS information.
Reference : http://www.inter7.com/
