Optimize your WebHost Manager (WHM)
Optimizing and Securing WHM
Web Host Manager (WHM) is an all in one system that allows simple administration over your VPS. You use WebHost Manager to create individual accounts, add domains to your server, manage hosting features, and performing basic system and control panel maintenance. WebHost Manager is used in conjunction with cPanel. cPanel is designed for managing particular domains or hosting accounts on your dedicated or virtual dedicated server. End users can control everything from adding/removing email accounts to administering MySQL databases.
You can easily optimize and secure WHM by configuring a few options in the GUI itself that can increase your server's productivity.
WHM > Server Configuration > Tweak Settings
Mailman is a memory glutton. It runs constantly as a process, gobbling memory for no good reason. Mailman allows you to create and manage mailing lists. Mailing lists allow you to send an email message to a single address, which then forwards it to multiple addresses.
If you don't need it, pop into WHM >> Server Configuration >> Tweak Settings >> Enable Mailman mailing lists and turn it off.
If you don't need anti-spam, nowadays most e-mail software/webmail provide anti-spam protection, so no point running it on your server, unless mail security is essential, also if you need it, you need to configure it properly so at least its not such a big performance hit.
Statistical analysis programs allow your users to view information about their site visitors. Well with google analytics and other offsite statistics software, you can live with just one stats software and webalizer is probably the lightest, disable the rest.
Unless you are hosting, most people are using pop3/imap or just offsite mail, so choose the most basic like squiremail, disable the RoundCube and Horde webmail.
FTP - File Transfer Protocol
In WHM >> Service Configuration >> FTP Server Configuration, there is an option to change 2 settings for FTP.
Allowing anonymous logins in generally considered to weaken the security of the server. Setting this option to "No" is recommended.
Allowing anonymous uploads in generally considered to weaken the security of the server. Setting this option to "No" is recommended.
WHM > Security Center
Apache mod_userdir Tweak > Enable mod_userdir protection
The mod_userdir feature provides the ability to view websites on your server by typing your hostname followed by a tilde and the website owner's username. (Example: http://host.example.com/~username.) Disabling this is desirable, as the bandwidth used when the site is accessed using this method is attributed to the web host's main domain, skipping bandwidth monitoring systems.
Shell Fork Bomb Protection > Shell Fork Bomb Protection
Fork Bomb Protection will prevent users with terminal access (ssh/telnet) from using up all the resources on the server. Unchecked resource allocation can potentially lead to a server crash. It is recommended that this protection be enabled for servers providing terminal access.
Compiler Access > Disable compilers
Many common exploits require a working C compiler on the system. This tweak allows you to deny compiler access to unprivileged users; you can also choose to allow some users to use the compilers while they remain disabled by default. You can grant access to specific users by clicking Allow specific users to use the compilers. To remove compiler access for a user, click that user's name under Remove a user from the compiler group.
How to Enable/Disable the SSH service from WHM?
Due to various reasons you may want to disable or enable SSH access to your VPS. Here is how to do this easily:
1) Connect to your WHM panel.
2) Scroll down in left hand menu to the section called "Service Configuration".
3) Find the link "Service Manager" and click it.
4) From the main screen find the name "sshd" (Secure Shell Daemon) located in "Service Information" column.
5) Uncheck the check boxes against the "sshd" to disable the service or make the opposite, to activate it.
Click "Save" button in the bottom of the page for the changes to take effect.
WHM > System Health > Background Process Killer
This feature allows you to pick programs that should automatically be terminated if they are found running. After a process is killed, you will receive an email notifying you that the process that has been killed. The processes in the list commonly result in denial of service attacks (DoS or DDoS) launching from or against your server. Many times, malicious users will rename the process so that it is difficult to find. However, this WHM feature will detect the process no matter what it has been renamed and automatically shut the program down when it is encountered.Check the following and then save:
BitchX - A popular command line IRC client.
bnc - BNC is a common IRC bouncer.
eggdrop - A popular IRC bot.
generic-sniffers - Sniffers can be used by a 3rd party to collect and analyze packets of information as they are transmitted between computers.
guardservices - An IRC bot.
ircd - The daemon that enables IRC.
psyBNC - psyBNC is a popular IRC network bouncer.
ptlink - ptlink is an IRC server.
services - An IRC bot.