Who's got some KILLER tips on Server Hardening with cPanel?

Ok, I'm at my wits end.

I've always thought I was decent at securing servers. Not the best, but better than usual.

I've been put to shame a few times this week.

What happened was the server was rooted, had to have been rooted, no other way I can think of that virtually everything in / would be removed.

Here's a quick overview of what was done:

GRSec Kernel 2.6.11.12 was installed (with grsec enabled. If you want specific options I can dig them out).
APF & BFD installed.
Root logins disabled. 2 wheel users, both with random alphanumeric passwords, each 32 characters in length (md5sum).
mod_security with 'decent' ruleset (trying not to hinder usability)
Root PW was client specified, though relatively strong (using special symbols and such).
This was done more than once using courier and uwimap as imap servers at different times, if this matters.
Client was only using https form of WHM access.
MySQL 4.0.x
PHP 4.4.1
Everything else was off-the-shelf cPanel CURRENT specification.

I've looked around and haven't seen ANY obvious exploits that would enable this.

Anyone have any suggestions? The long nights are getting a little harsh.

 

 

 

 
