Steps to secure your server and platform from hackers

Platform and server security is a large part of any Magento developer's job. I would say I spend about 50% of my time on it one way or another: time spent on prevention, software updates, or remediation. To prevent the latter, let's go through this checklist one by one and discuss why and how to do each item.

Of course, start by keeping your software, both platform and server, up to date. If you have not done this, start here, then do the steps below.

This article is focused on the Magento 2 platform running on CentOS with WHM/cPanel installed. It can also apply to other platforms.

  1. Install Armor Anywhere. These guys are a team of ethical hackers, 50+ strong, who monitor the darkweb forums for exploits people have found, scan your system to see if you're vulnerable, and, if you are, let you know what to do to patch it. It's software you install on the server that monitors everything and scans all the files; read more by following the link above.
  2. Follow this guide put out by cPanel https://documentation.cpanel.net/display/EA/Apache+Module%3A+SuPHP
  3. Install SuPHP as per the article above. If you have a cPanel server, log into EasyApache and enable it there; otherwise put in a ticket with your hosting provider.
  4. Enable 2 factor authentication in WHM. It requires a 6 digit code that is sent to your device's authenticator app. We have a non-networked, powered-down device that is only powered up and networked for authentication, then turned back off and put back in a locked safe.
  5. Remove FTP to force SFTP connections through the SSH port. Log into WHM, from the home page click on Service Manager, then search for FTP and un-check both of the boxes.
  6. Disable password authentication. SSH connections now require a key to be installed on the server, which you have to get out of WHM after getting through the 2 factor. How someone would get around this is beyond me. They would need to have your device, as it is the only access point with the authenticator to get in. It can only be undone by restarting the server while directly connected via laptop at the data center.
  7. I change the SSH port to a random one.
  8. Install ClamAV for cPanel
  9. Enable 2 factor on cPanel
  10. Save the passwords for the server in a password protected file.
  11. Using ‘Host Access Control’, restrict WHM, cPanel, SSH, and cpdavd to your IP and your hosting company's IPs.
  12. Disable Symlink https://documentation.cpanel.net/display/EA4/Symlink+Race+Condition+Protection
  13. Disable unused PHP versions: PHP 5.5, 5.6, 7.0, 7.1
  14. Enable Jail shell
  15. In WHM, search for security and open the Security Advisor; make sure you follow the suggestions
  16. Set up Mod_Security
  17. Set production files as read only
  18. Install Two-Factor Authentication for admin. Many times I have seen platforms become compromised by a SQL injection that creates an admin user. Once they have an admin account, they can use the marketplace to download a file editing program that allows them to upload files, i.e. viruses, malware, etc. This is a must have. If your platform of choice is Magento 2, then log into SSH and run this.
    composer require msp/twofactorauth:3.0.0
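
Items 6 and 7 can be checked from the shell before sshd is restarted. The script below is an added example, not part of the original article: it reads an sshd_config file and flags password logins or the default port. The function names, the sample config and port 2222 are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an sshd_config against checklist items 6 and 7.
# Parsing rules that matter: keywords are case-insensitive, sshd keeps the
# FIRST value it reads for a keyword, a missing keyword means the built-in
# default applies, and Port may be listed more than once.

# Effective global value of keyword $2 in file $1 (default $3 if absent).
sshd_setting() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ || NF == 0   { next }    # comments and blank lines
        tolower($1) == "match"  { exit }    # conditional blocks are not global
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Every port sshd will listen on (22 if no Port line is present).
sshd_ports() {
    awk '
        /^[ \t]*#/ || NF == 0   { next }
        tolower($1) == "match"  { exit }
        tolower($1) == "port"   { print $2; n++ }
        END { if (!n) print 22 }
    ' "$1"
}

# Print findings; return 0 only when both checklist items are satisfied.
audit_sshd() {
    rc=0
    if [ "$(sshd_setting "$1" PasswordAuthentication yes)" != "no" ]; then
        echo "FAIL item 6: password authentication is enabled"; rc=1
    fi
    if sshd_ports "$1" | grep -qx 22; then
        echo "FAIL item 7: sshd still listens on the default port 22"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: key-only logins on a non-default port"
    return "$rc"
}

# Constructed sample: the later "no" is ignored because the first value wins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 2222
#PasswordAuthentication no
passwordauthentication yes
PasswordAuthentication no
EOF
audit_sshd "$sample" || true
rm -f "$sample"
```

On a live server, `sshd -T` prints the effective configuration, which also covers settings pulled in from included files.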

 
