Improve anti-virus and anti-spam in Plesk & cPanel

Improve anti-virus and anti-spam in Plesk & cPanel

Recently, we have noticed an increase in unwanted emails attached to infected documents. These are things you can do on your Plesk and cPanel control panels

But I still reinstate that local protection on your computers and devices like smartphones are extremely important. Most malware remains inactive until users intervention. Thus, these protections are your last defense.

For Plesk, I suggest you buy the extension known as Premium anti-virus.  After you have obtained the addon license you need to install through your ‘updates & upgrades’. The add-on license is not too expensive and it is worthy especially you are in business and many mailboxes.

For cPanel, installing ClamAV is a must. However, if you are running a VPS with a Gb memory or below, you might want to think twice as ClamAV uses resources especially during updates ad you have plenty of emails.

You can enhance the ClamAV by using 3rd party rules, but again you will need memory. The next solution you might want to consider is the MailScanner from Configserver. I recommend the Front-End costs USD 55, one-tine fee for its license. Useful and it makes your jobs so much easier.

My personal opinion on CSF firewall

My personal opinion on CSF firewall

CSF firewall is available free and most cPanel users might have a copy because it is free? Today, I’m sharing my experiences. Not on how you install CSF or what are the items but opinions on hows the firewall serves its purposes.

For the last decade, CSF has been the part and parcel of cPanel users. However, I’m not actually fond of installing CSF. It is not that CSF has not served its purpose, it is all about individual perception and expectation. why? Let me shares;

a. I have seen CSF in test mode since day one. If you have installed CSF, you will know CSF is in TEST mode by default.

b. Block everyone in the office, cannot send and receive emails. So if your coworkers are sharing the internet through the same router, shared public IP address will be blocked if someone has entered the wrong password a few times.

c. No or non-optimised settings on CSF. Users have left the settings by default or minimum settings were done because they are difficult to understand in layman terms.

So, my experiences are never good with CSF installed. 90% of the time, require troubleshooting if someone has installed CSF. If you have a fully managed hosting service or you have planned to sacrifice your personal time (as they can be very time consuming) to adjust and tweak it.

Exim vulnerability CVE2019-15846

Exim vulnerability CVE2019-15846

Guess by now you have heard about the Exim vulnerability on version 4.91 and earlier.  Exim mail server is widely used in cPanel. If you are using cPanel with the latest updates, your Exim is probably patched.

You can ensure the cPanel Exim is patched by logging to your VPS or server as root through SSH Type this command:

rpm -q --changelog exim | grep CVE-2019-15846

If you get a response like this – Applied upstream patch for CVE-2019-15846
Your Exim is patched with the new build 4.92 #5

However, for those still using EA3, the update is blocked and you need to migrate to EA4. You can do it from your WHM. The migration from EA3 to EA4 is pretty straight forward. The only reason, some is still in EA3 is because they have concerns on their website PHP compatibility since EA4 support minimum PHP 5.5 which is EOL too.

We strongly recommended you should upgrade to EA4 to get the Exim update immediately. Alternatively, if you have to use a lower PHP version, you can consider using CloudLinux since they have hardened the lower PHP versions ad the lower versions are available from the PHP selector.

Plesk Onyx or cPanel?

Plesk Onyx or cPanel?

Plesk Onyx or cPanel?

I would say this is a question for you when you are subscribing a web hosting. Some may have been using cPanel and some use Plesk. Whatever the case do you actually need them? The control panels are not free, they are selling in monthly or paid upfront yearly for a discount.

So, the question is do you need them? And which one? I have been dealing with many Linux and Windows servers, and my answer is yes. However, cPanel is limited to Linux only. If you have a Windows server, a control panel might not be necessary but it is making your life easier and save time on a Linux server.

It has to do with the operating system. In my opinion, this is the reason why you need it on a Linux server and it is not a must or you simply forget about it. So what to do with the operating system? On a Windows server, it offers a GUI and most items are manageable through the administrator’s interface.

Unlike a Linux server, you can operate a Windows server with little understanding. Just Google searches and navigate on a Windows server, you might find setting up your website is pretty straight forward, Thanks to the GUI, it is easy to understand the steps and what to execute.

Linux server uses a SHELL, and commands can be compleated. You might need customization for some hosted situation and these adjustments done on configuration are in text format. Any mistyped or misconfiguration can cause the service related refuse to start.

Each time you have made any changes to a configuration you need to reload to take effect. To set up a website like WordPress and install the required services and components, you will take more time on a Linux server than Windows server.

Especially to a novice, it is difficult to set up on a Linux server but the success rate is high on a Windows server. So that’s mean to say it a good idea to have a control panel on Linux server but you can dave if it a Windows server.

Now, we know high chance we will need a control panel if you own a Linux server, However, cPanel or Plesk Onyx works best for you? Actually, this control panel has targetted a different type of customers in my opinion. If you are a beginner and do not spend much time to understand each function, I suggest Plesk. However, if you want to dive deeper and better control on the server, goes with cPanel.

I personally like Plesk but sometimes I hate it when I want to do a bit more like changing the behaviour of my mail service, I always ended up in SHELL but it might not be the case for cPanel. One thing I’m sure is you will save plenty of time and it is much easier working with a control panel on a Linux server.

Most control panels work well with CentOS Linux distribution, thus it is popular.

Some are using shared hosting?

Some are using shared hosting?

Some are using shared hosting?

Actually, this question has bothered me, why people are using shared hosting while VPS are dirt cheap. Probably, you can get a VPS for just $5 a month and multiply by 12 months which is equal to $60. What $60? It is cheaper than a shared hosting plan.

But wait, we miss out a few things. There are a few reasons why they are still using and looking for shared hosting. If you look at a different angle or in their socks, VPS may not a good choice.

I have spoken to some, they have no idea what is a VPS, end of the day it is about price. In the past, VPS has a higher price than shared hosting, however, because of its popularity and server are cheaper nowadays, VPS’s price has fallen tremendously.

Price is probably the main factor. Secondly is the web panel like cPanel or Plesk, they are optional in a VPS. Unlike the shared hosting, basically, you do not have to think about it. Shared hosting is a web hosting ready to go. So it is simple, good for layman or people have little IT background.

Again, consumers must give themselves with choices and not limited to shared hosting. Hosting providers like us must be able to educate the consumers on the differences between VPS and shared hosting. Consumers will understand the pros and cons, and which types of web hosting are bettter.

Here are a few advantages of buying a VPS compares to shared hosting;

  • If you host more than one website, a VPS might save you more money.
  • Dedicated IP address comes default in a VPS. You never worry if your neighbour’s IP address is blacklisted in RBL.
  • You can update the kernel at your own schedule if it is a true VM.
  • Web service, mail service and others do not share with others. You have total control over these services.
  • You can root shell to your VPS.
  • You can modify the configuration of a VPS for the behaviour you wanted.
  • You can resell spare resources & more

However, there are cons like paying more for a control panel and it is likely you need to manage your web hosting if you faced any difficulty on a VPS. Only you have more time or you have the knowledge, it is worth considering buying a VPS for your website.

 

 

Do you need a web control panel?

Do you need a web control panel?

Do you need a web control panel?

This question is more for the VPS and the dedicated server users. A web control panel is likely an option when you order one of these web hostings.

The popular control panels are Plesk Onyx and cPanel with WHM. cPanel can hosts unlimited domains while Plesk Onyx comes in 3 variants support up to 10, 30 and unlimited domains. And if you are a reseller or managing a lot of users for a different domain, you should order Web Pro edition and above.

This has happened to be an option when you are ordering a VPS or dedicated server. You might be saving up to $20 every month if you are not installing a licensed control panel. There are free one but they have limited functions.

In my opinion, you can do most things without a control panel. But how soon? How fast? Who is or are using? Alright, we need to find out who are the users. If your users are business users and you are reselling, you need a control panel. If you are the administrator, you can do without in these conditions;

  • Do you have the knowledge to do it? Like to create a website, mailbox or an SSL certificate.
  • Do you have the resources? Like installing a mail server or an FTP server.
  • Do you have the time? If you need to repeatedly do the same task frequently,

 

To save the money without a control panel might require you t spend more time managing websites. Unless you are confident to do it quickly and the steps are correct, otherwise a control panel makes your life easier and you can get things done quickly.

Modsecurity in cPanel

Another great feature in WHM/ cPanel easily neglected is the modsecurity. It is useful you have not got any web protection like Sucuri Firewall Pro. Users did not enable this feature to protect their open sourced website like WordPress, Joomla etc. This module is enabled by default but there is no rule to process. So it is as good as it is disabled.

Go to modsecurity to install vendors, I use OWSAP commonly. And remember to enable to process the rules in configuration. The rules will stop common attacks and viabilities of your website. This is important feature to those do not have ant web protection.

CSF and WHM/ cPanel

This is commonly found in a WHM / cPanel VPS or dedicated server. Actually, CSF is effective and it is free. A lot of server admin will install them as soon as they have received it. But seriously speaking, how many users know how to tweak and optimise the performance. Honestly, very few and I always see people left them in auto-pilot mode and full stop. So what is CSF? Yes, it is a firewall and it is software based. It is installed onto the server.

There is nothing wrong to install a piece of free and useful software. Wait for a second, did I just say it was useful? In certain extent, it is a Yes. But I have seen many cases, CSF is added burden to the user.

I have seen many as I have said, they simply install and turned on the firewall. If you are doing this, you might accidentally block good users or in the worst situation, you are blocked. When such a thing has happened, may have treated the service is not available and it can be frustrating especially it has happened often. There is the case, like packet loss when you are pinging the server IP or domain name. This is because of CSF. Simply turn it off and everything is back to normal.

Don’t get me wrong, CSF is useful but you need to know how to use it. Without, it can be a hassle for you. So I never buy an idea like installing a software firewall on the server. Actually, if the attacks come, the firewall will eat up the resources on the server and eventually the server performance is affected. But a web firewall like Sucuri Firewall Pro does not install onto the server, it has offloaded the server and because of many distributed points, it helps to speed up a website if you are staying further from the source of the website.

Plesk Onyx vs cPanel

I have used both web control panels on VPS and dedicated server.l. Even you are expert in your operating system. These control panels make your job easier and organised. If someone is asking, which control panel is better? My answer can be confusing, I will say it depend.

Yes, it depends on what you are planning to host and do. We put the monthly licence expense aside. These control panels have served the general purposes but in depth, there are differences. And these control panels have their strong and weak points. As a provider, here are my experiences.

  • in terms of UX and the layout, I will give the credit to Plesk. The login panel, the layout and the icons are much easier to navigate. Layman will find the essential functions after they logged in.
  • if you have an old website is using only PHP5.2 and cannot upgrade, I will suggest Plesk in this case The PHP select has a wider range.
  • backup function in cPanel has greater flexibility, offer more choices on the repository.
  • PHP extension with Apache in cPanel is compiled using Easy Apache with better compatibility.
  • more users and restrictions can be created in Plesk, ideal for the owner has engaged a 3rd party who need to access the control panel.
  • cPanel has only 1 license type on unlimited for both VPS and dedicated server. Plesk starts with 10 domains onward, can be confusing,
  • cPanel has more thleskPings and modules to install, thus it takes longer time.
  • Anti-virus is ClamAV on cPanel which is free. Plesk premium AntiVirus is free for 1st 10 and you need to pay for the license for additional mailboxes.
  • You get better settings on Anti-Spam for cPanel.
  • Plesk has firewall settings out of the box
  • Plesk is using postfix and cPanel s Exim for the mail server. Personally found postfix is less confusing.
  • cPanel has more security settings and better protection.
  • cPanel has more choice on using the different type of service like DNS, FTP etc.

These are some of the differences for both control panels. For a novice user, I will strongly recommend Plesk. However, cPanel has better control, especially you had been working with shell. Now, you can probably use cPanel to accomplish.

cPanel 11.52 on LXC

Today, I’ve installed cPanel 11.52 on LXC. LXC knowns as Linux Containers certainly are a lightweight virtualization technology. They are more quite like an enhanced chroot instead of full virtualization like Qemu or VMware, they do not emulate hardware and share the same operating system kernel on a host. Linux-vserver and OpenVZ are two pre-existing, independently developed implementations of containers-like functionality for Linux.

Vastspace has no plan to launch LXC any time soon in spite of the benefits and performance gain over OpenVZ. In case you want to try it out yourself, this is the recommendation from cPanel.

To run cPanel & WHM inside an LXC container, cPanel strongly recommend that you use the following settings:

Host

We strongly recommend that you use Red Hat® Enterprise Linux (RHEL) 7, CloudLinux™ 7, or CentOS 7 as your LXC host. This ensures the best compatibility with cPanel & WHM. While other Linux distributions may work, they require that the system administrator performs additional steps, which we do not support.

Guest

We strongly recommend that your LXC containers use CentOS, RHEL, or CloudLinux 6 as the guest. A CentOS, RHEL, or CloudLinux 7 installation requires additional steps to use it as the guest.

Privileged vs unprivileged containers

cPanel & WHM functions in both privileged and unprivileged containers. We strongly recommend that you run cPanel & WHM in a privileged container, because it expects unrestricted access to the system.

The following limitations are inherent to an unprivileged container:

  • The host operating system treats the root user as a non-root user.
  • You cannot raise the hard limit of a process if you previously lowered it. This action could cause EasyApache 3 to fail.
  • Subtle behavior differences may occur.

Required changes for CentOS 7, RHEL 7, or CloudLinux 7

You must make the following configuration changes to run cPanel & WHM inside an LXC container:

  1. After you create the LXC container, change the lxc.include line in the lxc.conf file to the following line:
    lxc.include = /usr/share/lxc/config/fedora.common.conf
  2. Edit the lxc.conf file to drop setfcap and setpcap capabilities. To do this, comment on the following lines:
    1
    2
    # lxc.cap.drop = setpcap
    # lxc.cap.drop = setfcap
  3. If your system uses AppArmor, you must uncomment the following line in the lxc.conf file:
    lxc.aa_profile = unconfined