How To Secure Your Server And Platform From Hackers?

For any Magento developer, platform and server security come first in his job. Nearly 50 per cent of the time is spent on it one way or another. In this article, we have mentioned some of the effective security steps which will save your server from hackers.

Let’s go through the below list one by one and discuss them briefly.

Before starting these steps make sure that your platform and server is up to date.

These steps are mainly focused around the Magento 2 platform that are running on centos with WHM/Cpanel installed.

1. Install Armor Anywhere

It’s a team of 50+ ethical hackers. They keep a check on the darkweb forums for exploits people which are found and then scan your system to see if it’s vulnerable and inform you accordingly and later they patch it.

2. Follow below link cPanelhttps://documentation.cpanel.net/display/EA/Apache+Module%3A+SuPHP

3. Install SuPHP

Enable cpanel server log into easyapache or you can put in a ticket with hosting provider.

4. In WHM enable 2-factor authentication

It needs a 6 digit code which is sent to your device authenticator app. It keeps your platform safe and locked.

5. Through the SSH port remove FTP to force SFTP connections

From home page go to WHM via login and then click on service manager and search for FTP un-check both boxes.

6. Disable password authentication

Now you need a key to install SSH ports on the server which you have to get out of WHM only after getting through 2 factors. First, they need your device as it is the only access point with the authenticator to get in. you can undo by restarting the server directly connected through a laptop at the data centre.

7. Change the SSH port to anything random

8. For cPanel install ClamAV

9. On panel enable 2 factor

In a password protected file save the passwords for the server.

10. Using ‘Host Access Control’ restricted WHM, Cpanel, SSH, cpdavd to your IP, and your hosting companies IPs.

11. Disable Symlink

https://documentation.cpanel.net/display/EA4/Symlink+Race+Condition+Protection

12. Disable non used php version php 5.5,5.6,7.0,7.1

13. Enabled Jail shell

14. In WHM search for security and open the security adviser and follow below suggestions

• Setup Mod_Security

• Set production files as read-only

15. For the root disable SSH login

USER https://mediatemple.net/community/products/dv/204643810/how-do-i-disable-ssh-login-for-the-root-user

16. Use SSH Agent Forwarding to SSH from servers to servers instead of copying your SSH private keys on servers. On GNU/Linux use ssh-agent or GnomeKeyring with ForwardAgent yes under a trusted Host entry in your .ssh/config file6

On Windows PuTTY’s Pageant supports SSH

Agent Forwarding

17. For admin install two-factor authentication

The number of platforms is compromised due to SQL injection which creates an admin user. If they get an admin account then they use the marketplace to download a file editing program that allows them to upload files mainly known as virus’s malware, etc and in Magento 2 you can run the below command by login into SSH

composer require msp/twofactorauth:3.0.0

18. Always copy files and database independently. Do not use cpanel to cpanel account to transfer your account.

19. Avoid using the same passwords on the new account and also change database and account passwords.

20. enable a jailed shell environment for all new and modified users, use the Use cPanel® jailshell by default option in WHM’s Tweak Settings interface (WHM >> Home >> Server Configuration >> Tweak Settings).

21. Always include the suEXEC module during the compilation of Apache as it makes that CGI applications and scripts run as the user that owns as well as executes them.

22. In WHM go to security adviser to make sure you pass all the checks.