  1. #1

    * cpanel is all that is needed to fully (securely) manage a VPS?

    Hello,

    The replies in another discussion thread surprised me, with a number of people implying cpanel is all that is needed to properly and fully secure and manage a VPS or dedicated server.

    Do you agree or disagree? Why or why not?

    Let's say you get a brand new VPS. You log in as root, install CentOS, and then cpanel. Whenever cpanel releases a new version, you click "upgrade".

    Is that it? Is that all you need to fully secure and manage your VPS?
    We are eNom PLATINUM PLUS resellers!
    Sign up today for an eNom.com reseller account with lowest possible pricing.
    * We provide support and service to over 4275 happy eNom domain name and SSL certificate resellers!

  2. #2
    Sounds like wishful thinking to me....
    Tim Gallant Creative | Proof of Intelligent Design

  3. #3
    Join Date
    Dec 2006
    Location
    London
    Posts
    661
    Agreed - that's not really a good way to be thinking about these.

    For instance, you can have a root password of 'password' and run cPanel on there. That certainly doesn't make it a secure server.
    GigaTux, Value Linux Hosting
    UK, US and Germany based Xen VPS. Reliability is key! Quick support response and 99.9% SLA.

  4. #4
    Join Date
    Feb 2005
    Location
    Australia
    Posts
    5,849
    Yep, that's all there is to it. Money for jam really. Modern technology has taken all the skill out of things. Like passenger jets these days - the planes fly themselves; all the pilot has to do is choose a destination, point and click.
    Quote Originally Posted by mrzippy View Post
    Whenever cpanel releases a new version, you click "upgrade".
    No, don't be silly. You set it to auto-upgrade from the start. What could possibly go wrong?
    Chris

    "Some problems are so complex that you have to be highly intelligent and well informed just to be undecided about them." - Laurence J. Peter

  5. #5
    Simply installing cPanel does not make your server secure. There are many other security measures needed to secure the server. You can hire a server manager for some time to do all the essential security measures for you as per your needs.

  6. #6
    Join Date
    Jun 2004
    Location
    Omaha, Nebraska
    Posts
    211
    It sure would be a nice world if upgrading cPanel was the only thing to do when it comes to security of a server. Not only would it make life easier on our system admins, but just think of the cost savings by removing that extra overhead!

    There's much more to security on a server than upgrading one software component and installing KSplice for automated Kernels. Probably the biggest thing that we see from VPS owners is that once they're set up, and they hire their security team to configure things, install the shopping cart or WordPress version that they want, then they do nothing else - EVER. We've seen some boxes that are 3 and 4 years old running PHP 4, WordPress 2.x and so on down the line. Constant vigilance is a huge component to server security.
    Conor Treacy
    Hands-on Web Hosting
    E-Commerce cPanel Web Hosting | PCI Compliance Hosting

  7. #7
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,681
    Quote Originally Posted by mrzippy View Post
    Whenever cpanel releases a new version, you click "upgrade".
    This doesn't take care of things like php/apache upgrades.
    This doesn't take care of kernel upgrades if you are using a xen with pygrub-pvgrub or kvm vps.
    Cpanel does not include a firewall.
    Cpanel does not by default enable mod security. Cpanel's default modsecurity rules are trash.

    A stock installation of cpanel is not very secure at all.
    I spend hours per day keeping servers up to date. If it was really that easy I would get vacations more often.
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance
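
The gaps listed in the post above (pending kernel upgrades, no firewall, ModSecurity not enabled) can be checked from a shell. This is an added example, not part of any poster's reply: the function names and sample outputs are constructed, and it assumes an RPM-based host with iptables and Apache's `httpd -M`.

```shell
#!/bin/sh
# Added example: audit a cPanel host for gaps that a panel upgrade does not cover.
# Each check takes command output as text, so it can be exercised offline.

# $1 = `uname -r`, $2 = `rpm -q kernel`. True if a newer kernel is installed
# than the one running, i.e. the upgrade has not taken effect yet.
kernel_reboot_pending() {
    [ "$(printf '%s\n' "$2" | sed 's/^kernel-//' | sort -V | tail -n 1)" != "$1" ]
}

# $1 = `iptables -S`. True if INPUT has at least one rule or a DROP policy.
firewall_has_rules() {
    printf '%s\n' "$1" | grep -q -e '^-A INPUT' -e '^-P INPUT DROP'
}

# $1 = `httpd -M`. True if the ModSecurity 2.x module is loaded.
modsec_loaded() {
    printf '%s\n' "$1" | grep -q 'security2_module'
}

# Print one line per finding; no output means all three checks passed.
audit() {
    kernel_reboot_pending "$1" "$2" &&
        echo "kernel: running $1 but a newer kernel is installed; reboot needed"
    firewall_has_rules "$3" ||
        echo "firewall: INPUT chain has no rules and policy is not DROP"
    modsec_loaded "$4" ||
        echo "modsecurity: security2_module is not loaded in Apache"
    return 0
}

# Constructed sample of a stock install (not captured from a real server).
SAMPLE_UNAME='2.6.32-279.el6.x86_64'
SAMPLE_RPM='kernel-2.6.32-279.el6.x86_64
kernel-2.6.32-358.el6.x86_64'
SAMPLE_IPT='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT'
SAMPLE_MODS='Loaded Modules:
 core_module (static)
 rewrite_module (shared)'

audit "$SAMPLE_UNAME" "$SAMPLE_RPM" "$SAMPLE_IPT" "$SAMPLE_MODS"

# On a live host, as root:
#   audit "$(uname -r)" "$(rpm -q kernel)" "$(iptables -S)" "$(httpd -M 2>&1)"
```

A clean run only shows that these three gaps are closed; PHP, Apache and web application versions still need their own tracking.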

  8. #8
    Join Date
    Nov 2002
    Location
    Oklahoma
    Posts
    702
    A control panel does not equal security by any stretch of the imagination. There are far too many misinformed individuals running websites, VPS, dedicated servers, etc. that believe this to be the case. Usually getting compromised is a good wake up call for them. Attacks and threats are evolving each day, just as your security should. Security is an ongoing process that never ends.

    It is far easier to maintain something properly from the start than it is to try and recover from a compromise or failure down the road. Sure, you might think applying patches is a waste of time but I guarantee you will think otherwise when an unpatched vulnerability results in a compromise.
    Dathorn, Inc. - Premium cPanel/WHM Hosting since 2002! Check Out Our Blog!
    Experience the Dathorn Difference! - andrew@dathorn.com
    LiteSpeed | Clustered DNS | CloudLinux | CageFS | KernelCare | Imunify360
    Pure SSD Storage | Off-Server & Off-site Backups | Softaculous | SpamExperts

  9. #9
    Hi, Andrew, good to see you!

    Here is someone who knows what he's talking about. I was on his servers for several years, and can't remember having any significant security issues take everything down, because he was vigilant.
    Tim Gallant Creative | Proof of Intelligent Design

  10. #10
    Join Date
    Nov 2002
    Location
    Oklahoma
    Posts
    702
    Hey Tim! Great to see you around as well. I didn't even realize it was you until I saw the name in the sig.

    For those unfamiliar with the process of securing a server I would have to echo some comments above and highly recommend consulting a management company or using a fully managed provider. Even then, though, you have to make sure they are being proactive about security and adapting to new threats.

    A good recent example is the Exim vulnerability from last week. Yes, cPanel did push out a patched version pretty quickly. A good provider would have known about the issue and had a fix available (if necessary) even quicker. It is a pretty safe bet to say that most individual cPanel VPS and dedicated server operators never even heard of it and luckily cPanel took care of it for them.
    Dathorn, Inc. - Premium cPanel/WHM Hosting since 2002! Check Out Our Blog!
    Experience the Dathorn Difference! - andrew@dathorn.com
    LiteSpeed | Clustered DNS | CloudLinux | CageFS | KernelCare | Imunify360
    Pure SSD Storage | Off-Server & Off-site Backups | Softaculous | SpamExperts

  11. #11
    Quote Originally Posted by mrzippy View Post
    Is that it??
    No. There are many other things that need to be done: install security software, secure things, tweak stuff, etc.
    HostXNow - Shared Web Hosting | Semi Dedicated Hosting | Enterprise Reseller Hosting | VPS Hosting
