Monday, July 12, 2010

Steps for changing WHM settings to secure your server


For more information and tutorials, visit this URL ==>> http://docs.cpanel.net/twiki/bin/view/AllDocumentation/WHMDocs/WebHome

Go to Main ==>> Server Configuration ==>> Tweak Settings in WHM

To harden the server, change the settings as follows:
1. Number (or all) of accounts to display per page in list accounts = 30
2. Disable: Allow users to park subdomains of the server's hostname main domain
3. Disable: Allow users to Park/Addon Domains on top of domains owned by other users
4. Disable: Allow resellers to create accounts with subdomains of the server's hostname main domain
5. Disable: Allow Creation of Parked/Addon Domains that are not registered
6. Disable: When adding a new domain, automatically create A entries for the registered nameservers if they would be contained in the zone
7. Enable: Prevent users from parking/adding on common internet domains
8. Enable: Silently Discard all FormMail-clone requests with a bcc: header in the subject line
9. Set to "fail": Default catch-all/default address behavior for new accounts. "fail" is usually the best choice if you are getting mail attacks.
10. Disable: Track the origin of messages sent through the mail server by adding the X-Source headers (exim 4.34+ required)
11. The maximum each domain (mail limits) can send out per hour (0 is unlimited) = 200 or 300
12. Disable: Prevent the user "nobody" from sending out mail to remote addresses (PHP and CGI scripts generally run as nobody if you are not using PHPSuexec and Suexec respectively). On a server running phpsuexec this should be enabled instead.
13. Disable: Include a list of Pop before SMTP senders in the X-PopBeforeSMTP header when relaying mail (exim 4.34-30+ required)
14. BoxTrapper Spam Trap
15. Disable: Add the mail. prefix for mailman urls
16. Enable: Horde Webmail
17. Enable: Mailman
18. RoundCube Webmail
19. SpamAssassin Spam Filter
20. SpamAssassin Spam Box delivery for messages marked as spam (user configurable)
21. SquirrelMail Webmail
22. Disable: Send passwords in plaintext over email when creating a new account
23. Disable: Awstats Reverse Dns Resolution
24. Disable: Analog
25. Disable: Allow users to update Awstats from cPanel
26. Enable: Notify the admin (or the reseller) when an account has reached the "critical" Disk Usage state
27. Threshold percentage where a user's disk usage is considered to be in the "critical" state (0 will disable this notification) = 90
28. Number of days between processing log files and bandwidth usage = 1
29. Enable: Delete each domain's access logs after stats run
30. The load average above the number of cpus at which log file processing should be suspended = 10
31. Enable: Keep Stats Log between cPanel restarts
32. Disable: Allow Perl updates from RPM based linux vendors
33. Enable: Use jailshell as the default shell for all new accounts and modified accounts
34. Disable: Allow cPanel users to reset their password via email
35. Enable: SpamAssassin
36. Enable: PHP open_basedir Protection (this and the following items are under Tweak Security, not Tweak Settings)
37. Enable: mod_userdir Protection (Tweak Security)
38. Enable: SMTP Tweak (Tweak Security)
39. Disable: Compilers for unprivileged users (Tweak Security)
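Settings changed in the WHM interface drift back over time (a reseller flips one, an upgrade resets another), so it is worth re-checking them from cron. The script below is an added example, not cPanel's own code and not part of the original post: it parses a key=value file in the style of /var/cpanel/cpanel.config and compares a subset of the checklist above against a desired state. The key names it uses (allowparkonothers, allowunregistereddomains, emailsperhour, jaildefaultshell, resetpass, skipspamassassin) are assumptions about that file's contents and must be verified on your own server; the sample configuration embedded in it is constructed.

```python
"""Config-drift audit for the WHM Tweak Settings checklist.

Added example, not cPanel's own code. Reads a key=value file in the
format of /var/cpanel/cpanel.config. The key names in DESIRED are
assumptions about that file and must be verified against a real server.
"""
import sys
from pathlib import Path

# Desired state. ("eq", v) means the value must equal v exactly;
# ("range", lo, hi) means an integer between lo and hi inclusive.
# Key names are assumed, not confirmed by the post.
DESIRED = {
    "allowparkonothers": ("eq", "0"),          # no park/addon on others' domains
    "allowunregistereddomains": ("eq", "0"),   # no unregistered parked/addon domains
    "emailsperhour": ("range", 1, 300),        # hourly mail cap; 0 would mean unlimited
    "jaildefaultshell": ("eq", "1"),           # jailshell for new/modified accounts
    "resetpass": ("eq", "0"),                  # no password reset via email
    "skipspamassassin": ("eq", "0"),           # "skip" keys are inverted: 0 = enabled
}


def parse_config(text):
    """Parse key=value lines; blank lines, '#' comments and stray lines are ignored."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip()] = value.strip()
    return settings


def audit(settings, desired=DESIRED):
    """Return a list of (key, status, actual, expected) tuples.

    status is "ok", "drift" or "missing". A missing key is reported rather
    than treated as safe, because an absent key falls back to the default.
    """
    findings = []
    for key, rule in sorted(desired.items()):
        actual = settings.get(key)
        expected = rule[1] if rule[0] == "eq" else f"{rule[1]}..{rule[2]}"
        if actual is None:
            findings.append((key, "missing", None, expected))
            continue
        if rule[0] == "eq":
            ok = actual == rule[1]
        else:
            # A non-numeric value counts as drift: the setting must be an integer.
            ok = actual.isdigit() and rule[1] <= int(actual) <= rule[2]
        findings.append((key, "ok" if ok else "drift", actual, expected))
    return findings


# Constructed sample standing in for a real cpanel.config; not taken from any server.
SAMPLE_CONFIG = """\
# constructed sample
allowparkonothers=1
allowunregistereddomains=0
emailsperhour=0
jaildefaultshell=0
skipspamassassin=0
"""


def main(argv):
    """Audit the file named in argv[1], or the constructed sample if none is given."""
    text = Path(argv[1]).read_text() if len(argv) > 1 else SAMPLE_CONFIG
    findings = audit(parse_config(text))
    for key, status, actual, expected in findings:
        print(f"{status:8} {key:28} actual={actual!r:6} expected={expected}")
    # Non-zero exit when anything drifted, so a cron job can alert on it.
    return 1 if any(status != "ok" for _, status, _, _ in findings) else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with no arguments to see the sample report (four of the six checks fail: two values are wrong, the hourly limit is set to unlimited, and resetpass is absent), or pass the path of a real configuration file. The exit status is 1 on any drift, so the script can sit in cron and only mail you when something changed.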

Tags: whm, whm configure, whm settings, whm to secure server, server secure using whm, whm configuration