What we are doing for server security!
- By default, we have set all servers to use the latest PHP with
php_suexec enabled along with register_globals turned off. This prevents remote
code inclusion and various code poisoning.
- We are running Apache in a chroot-ed environment with suExec.
- We have compiled a secure Linux kernel with grsecurity. This secures the
server against kernel exploits.
- We have sophisticated IDS / IPS systems which block malicious bots
and attackers.
- ModSecurity is installed on all of our shared servers.
- Our servers are regularly scanned using rkhunter to identify rootkits
and Trojans.
- The server space is scanned using the latest updated ClamAV.
Due to the nature of security, listing all the procedures that we go through and providing it as an open discussion list to the general public is not something we're prepared to do.
That being said, each of the options listed above is a great starting point.
Require SSL
Enabling this option requires logins from remote locations to use SSL.
You need an active SSL certificate for your server's hostname, which is no problem, but if you have resellers and master resellers they will not be happy if you enable SSL, as it will tell their clients who they host with,
as every cPanel/WHM on the server will show the following URL in the browser bar