Comments on: cPanel Apache Security and Optimization

By: Claudiu Popescu

Claudiu Popescu — Sun, 04 Dec 2011 18:40:46 +0000

Hi Chris,

About mod security, I am aware of the fact that installing it won’t help at all.
I did forgot to mention this and to give a few links for mod security rules.

Now about safe mode for php, when I wrote this tutorial I didn’t know very much about safe mode indeed, but I did read the documentation.
At the time, when I used it in production, it was for a server offering free web hosting. You can’t even imagine how many users try to hack into the server using all kind of php scripts.
Anyway, I stopped using it a long time ago (deprecated since php 5.3 anyway) and I will update my tutorials soon.

Thanks for your comments

By: Chris

Chris — Wed, 12 Oct 2011 06:58:00 +0000

Also, safe mode is useless!

Explanation: If you offer web-hosting, and offer other scripting languages than PHP (such as Perl), if PHP’s safe mode won’t allow vandals into your web presence, they will simply use Perl. If you don’t offer web-hosting, then you don’t need it, as it is supposed to “fix” the shared-server security problem.

Also, safe mode prevents scripts from creating and using directories and files (because they will be owned by the web server, not by the user who uploaded the PHP script). So it’s not only useless, it’s also a hindrance!

It is architecturally incorrect to try to “fix” the shared-server security problem on the PHP level, and you should take measures to fix it on the web-server level. Site-administrators who know what they are doing, know how to do this.

I am sorry to say, but I believe you didn’t know exactly what you were doing when you wrote this tutorial. With all due respect, knowledge comes with experience.

By: Chris

Chris — Wed, 12 Oct 2011 05:57:09 +0000

I hope you know that in order to become really effective, Mod_Security must be configured with rules that help it recognize threats and defend against them. Just “checking it” in EasyApache as you suggest, doesn’t make any sense…

By: cPanel Apache Security and Optimization | Vos One

cPanel Apache Security and Optimization | Vos One — Fri, 12 Aug 2011 00:47:06 +0000

[...] 1. Navigate to: Main >> Security Center >> Apache mod_userdir Tweak And check: “Enable mod_userdir Protection” 2. Navigate to: Main >> Service Configuration >> Apache Configuration >> Global Configuration Now configure the options as bellow: TraceEnable – Off ServerSignature – Off ServerTokens – ProductOnly FileTag – None MaxClients – 256 MaxRequestsPerChild – 1000 Click “Save” and in the following window click “Rebuild Configuration and Restart Apache”. If you server is under heavy traffic then you should edit: /usr/local/apache/conf/httpd.conf ? [...]

By: cPanel PHP Optimization / Hardening | Vos One

cPanel PHP Optimization / Hardening | Vos One — Fri, 12 Aug 2011 00:44:11 +0000

[...] Before you go ahead with this I strongly recommend reading this article. [...]

By: Claudiu Popescu

Claudiu Popescu — Mon, 11 Jul 2011 19:14:01 +0000

True, I will update this tutorial soon to reflect recent changes with Apache, cPanel and so on.

By: Server Hardening

Server Hardening — Sun, 10 Jul 2011 06:11:08 +0000

Removing apache modules that are not needed could help secure the installation a bit more. Additionally, fewer mods result in a smaller executable and memory footprint… this means you could run more processes total in limited memory. My performance testing also resulted in faster performance as well, although not by a very large amount (I think it was 17%).

By: Claudiu Popescu

Claudiu Popescu — Thu, 14 Apr 2011 21:08:49 +0000

@ Solo – At the time I wrote this tutorials I hoped to start a tutorial database for myself and it could help others.
Anyway I didn’t had much time lately.

@Kirsten – By not doing it you risk to get your server overloaded. The guys at cPanel made this script, it reads the memory installed in your server and configures the apache limits accordingly.
By not setting a value for RLimitMEM your server is vulnerable to exploits and badly written scripts.

By: Solo

Solo — Thu, 14 Apr 2011 16:21:48 +0000

I think you should expand your articles (basically all of the tutorials) – and describe WHY you are doing what you’re doing more. Many things just describe for us to blindly follow you, that’s not really teaching anything…

By: Kirsten

Kirsten — Fri, 08 Apr 2011 15:34:24 +0000

Thanks again for the tips Claudiu. I had initially found this post while trying to get more info on the memory usage restriction config, because there just wasn’t that much of an explanation in the Apache documentation in regard to the pro & cons. In your tutorial you recommend it… but why? and what does it actually do? and once you do it, can it be undone if need be?

By: Claudiu Popescu

Claudiu Popescu — Fri, 08 Apr 2011 06:24:49 +0000

Hi Kirsten,

I suggest switching to Nginx + Apache or LiteSpeed. Apache by its own is not that great for high traffic web sites.

By: Kirsten

Kirsten — Thu, 07 Apr 2011 17:23:23 +0000

Hello Claudiu,

Thanks for posting this info… I am curous about #3 though. It seems like it might be a good idea, but what is it actually accomplishing? And what happens if traffic picks up on a site and it needs more memory allocation than it did at the time the restrictions were set?

By: Claudiu Popescu

Claudiu Popescu — Fri, 04 Mar 2011 07:53:33 +0000

@John
The latest php 5.2.x is recommended (don’t use an older version since it might have exploits).

@ThinkFast
GD is optional, and indeed needed this days. You must activate the features needed by your web sites, it’s not that easy for a beginner tho.

@Fred
I might write one soon, but I like LiteSpeed so much that I stopped using Apache + FCGID

By: Fred

Fred — Thu, 03 Mar 2011 21:22:48 +0000

Thanks! Good info!

When will you do the article about ” how to securely configure fcgi as php handler”?

Thank you very much!

By: Kate Mag

Kate Mag — Fri, 18 Feb 2011 14:10:29 +0000

Your article helped me solve my apache/php problem.

Thank you

By: ThinkFast

ThinkFast — Sat, 05 Feb 2011 23:56:33 +0000

What about GD ?

By: John

John — Mon, 20 Dec 2010 11:24:59 +0000

I only had the choice between PHP minor versions PHP 5.2.9 & PHP 5.2.15

I went for PHP 5.2.15
Was that the right way to go?

By: server optimization

server optimization — Sat, 20 Mar 2010 16:47:39 +0000

[...] Private Server) technologies. Unlike a shared server where everyone shares a pool of server …cPanel Apache Security and Optimization | Dedicated server …cPanel comes with apache compiled and configured, but it's not secure at all, it's not configured [...]

By: cPanel Apache Security and Optimization | Dedicated server hosting … | webhostingnew.com

Sun, 07 Mar 2010 22:56:28 +0000

[...] this article: cPanel Apache Security and Optimization | Dedicated server hosting … Posted in Cpanel Tutorials Tags: know-more, place, servers-and, the-place-, web hosting, [...]

By: Claudiu Popescu

Claudiu Popescu — Wed, 24 Feb 2010 15:06:13 +0000

Thank you for the info.
This article was meant only for Apache, I’ll be writing a few more articles that will explain firewalls, linux security and more.