Hosting r/Hosting is a community for discussion of web hosting services and providers. Shared hosting, WordPress, VPS, dedicated servers, cloud infrastructure, and anything else hosting related is welcome here.

  • WHM Security: Things nobody talks about until something breaks
    by /u/Veduis on June 4, 2026 at 9:30 pm

    I’ve been running WHM servers for client hosting for years now, and I keep seeing the same pattern. Everyone locks down SSH and sets up CSF, then calls it a day. That’s fine for baseline security, but there’s a whole layer of WHM-specific attack surface that barely gets mentioned in the standard hardening guides.

    The things that actually bit me:

    Tweak Settings has a public access toggle buried in there. Go to Tweak Settings > Stats programs and make sure Awstats and Webalizer aren’t publicly accessible. I found out the hard way that default installs sometimes leave these exposed, and they leak way more server info than you’d want visible. Directory structure, bandwidth patterns, the works.

    cPHulk is not just “that brute force thing.” The default config tracks root login attempts but doesn’t block at the WHM port level. You need to actually enable protection for the 2087 port explicitly, or you’re just logging attacks without stopping them. Also, whitelist your own IP before you lock yourself out. Yes, I’ve done this.

    Compiler access is enabled by default for all accounts. Security Center > Compiler Access lets you restrict gcc and other compilers to root only. If you’re running shared hosting or reseller accounts, there is zero reason a random cPanel user needs to compile binaries on your server. This is how you end up with IRC botnets you didn’t know you were hosting.

    Email authentication (SPF/DKIM/DMARC) isn’t just for deliverability. It also stops your server from being used as a spam relay if an account gets compromised. Email Deliverability in WHM will show you which domains are misconfigured. Fix them. A compromised WordPress site sending 10k emails an hour will get your entire IP range blacklisted.

    I actually documented the full list of things I check on every new WHM setup here after the third time I had to explain it to a new team member. It covers the less obvious stuff like TLS cipher restrictions and the ModSecurity ruleset gotchas.

    The big one people sleep on: regularly audit your actual package list in WHM. Go to Packages > Feature Manager and look at what you’re giving resellers and end users by default. If “Shell Access” is enabled in your default package, you’ve basically handed SSH to everyone who signs up. I’ve seen this on way too many servers.

    What’s the weirdest security issue you’ve run into on a WHM box? I’m curious if anyone else has dealt with the Softaculous auto-update thing causing version conflicts that break security patches.

    submitted by /u/Veduis [link] [comments]

  • Beware before buying any hosting service from hostinger. Your sites are in danger
    by /u/No_Island_1309 on June 4, 2026 at 5:08 pm

    submitted by /u/No_Island_1309 [link] [comments]

  • What’s the most underrated feature that every hosting provider should offer?
    by /u/nisha_n05 on June 4, 2026 at 1:59 pm

    submitted by /u/nisha_n05 [link] [comments]

  • For a small business website in 2026, is shared hosting still enough or is VPS becoming the new standard?
    by /u/tejas_bhalerao on June 4, 2026 at 9:55 am

    submitted by /u/tejas_bhalerao [link] [comments]

  • Is there a better solution for my freelance website and email needs?
    by /u/PlasticAttorney1980 on June 4, 2026 at 9:47 am

    I operate as a freelance creative in the UK and have a simple business website built and hosted on one platform, where I pay the provider an annual subscription. I then pay a separate UK-based hosting provider for both my domain name that’s linked to the website via DNS and an email service (hello@mydomain) that I use to communicate with business contacts and clients.

    Current costs are as follows…

    $99 annually (approx £75) for the Cargo Collective site building platform where I’ve built and maintain a very simple, single-page, text-only website that acts as a brief intro to myself with social links and contact details. Work examples I provide directly as a PDF (for confidentiality reasons).

    £15.60 annually for my domain name which includes:
    – DNS management
    – Email forwarding

    £43.60 annually for a ‘cPanel lite’ hosting package which includes:
    – 20GB Web Hosting Space
    – Cloud Linux Protected Hosting
    – FREE Let’s Encrypt SSL Certificate
    – Unlimited Monthly Traffic
    – 2 MySQL Databases
    – 10 Mailboxes
    – 1 Click Install Apps
    – Free 24/7 UK Support

    I’m currently not using the cPanel hosting package for anything other than emails and I’m constantly having email issues (account suspensions for cc’ing too many people into a single email etc), although the hosting company is extremely quick to respond to issues. I’m also paying a lot for the Cargo Collective service when I’m only using it for an extremely simple one-page, text-based website.

    Is there a better solution for me that both saves costs and offers me a more robust email solution?

    submitted by /u/PlasticAttorney1980 [link] [comments]
