Server Support: Optimize, Tune & Secure

These days a Joomla-webmaster needs to attend in great detail to the system environment of the hosted account. More than ever it shows that basic "managed" server support is insufficient to optimize and secure your precious and valuable online presence. You can optimze your Joomla webesite itself and install Optimization extensions or Firewall extensions available to you but the proper setup and tweaking of your server is crucial for s secure and perfectly tweaked system environment so you won't run into performance issues that causes visitors to avoid your site of getting hacked and damaging your reputation and financial bottom-line.

A good server deployement is the most important defense against hacking and offers and optimized surfing experience when visiting your site.

GWS-Webmaster.Services offers assitance to webmasters to Tune and Optimize their VPS and/or Dedicated (Cloud) servers. Through our extensive knowledge of Linux, cPanel, Exim and MailScanner we are able to provide an optimum secured and state-of-the-art system environment, fully tweaked to support your Joomla! based websites. Our services are provided for the following Linux platforms running cPanel: RedHat Enterprise, CentOS and CloudLinux and are delivered by our Linux Certified System Administrators. A prerequisite is that cPanel is installed on your VPS or dedicated server.
We utilize the software packages of Configserver among other tools to tweak/tune your server. We implement (or optimize settings if present):

PHP Configuration

Multiple PHP versions

Upgrade to EA4 or Cloudlinux-Multi PHP & Adjust PHP.INI files
Both EasyApache4 and Cloudlinux offer Multiple PHP versions to be activated for your account. A webmaster should always aim to run the latest Stable PHP-version for her/his Joomla site and both platforms offer the option to select per Joomla site on the server a proper PHP-version. This is for instance good so you can check if a Joomla extension is compatible with the latest PHP-release. (Note Joomla runs perfectly well on latest PHP 7.2 ). We will enable this on your server and will per PHP-version adjust the PHP.INI values so Joomla can run very well and smooth on your system. We will also create the proper EasyApache4 profiles for your server

Install MariaDB

Powerfull Fork of MySQL

Used by Wikipedia, Google and Wordpress

MariaDB Server is one of the most popular database servers in the world. It’s made by the original developers of MySQL and guaranteed to stay open source. Notable users include Wikipedia, WordPress.com and Google. MariaDB is a fork of MySQL but is much faster, and more secure

MariaDB turns data into structured information in a wide array of applications, ranging from banking to websites. It is an enhanced, drop-in replacement for MySQL. MariaDB is used because it is fast, scalable and robust, with a rich ecosystem of storage engines, plugins and many other tools make it very versatile for a wide variety of use cases.

MariaDB is developed as open source software and as a relational database it provides an SQL interface for accessing data. The latest versions of MariaDB also include GIS and JSON features and MariaDB is fully compatible with MySQL and Joomla works very fast on a box with MariaDB.


Secure Sever Access

Lock down Shell Access

Protects your Port 22
This is a most important step in your server security. We will disable direct root access to Shell/Terminal which runs of port #22.
We will:
  • Change the port
  • Disable root access
  • Create a Wheelgroup user (administrator account)
The wheel group is a special user group used on Unix systems to control access to the su or sudo command. Users that are part of the weheel group are able to access to the root folder of your server. So without knowing the wheel group user and the corresponding password you cannot reach the root directory. Once you login as wheelgroup user you will be asked for the root-password so more or less a two-step authorization

Full Server upgrade

State-of-The-Art System

Complete system upgrade incl. kernel update & Tweak Settings

This is a 2-step process. The first Tweak (see cPanel's docs for this part of the service). The second Tweak will be done after we have installed the CFS-Firewall and upon confiuring this software we will revisit some of the Tweaks to even more balance the system.

In this step all system packages will be upgraded. This is valid for among others Apache, cPanel, FTP, EXIM, MySQL/MariaDB, PhPMyAdmin and all the other modules and Addons in use on the server such as cPanel' s cpHulk Brute Force Protection


Configserver IP-Table Firewall

Install and/or Configure

Login/Intrusion Detection and Security application for Linux servers.

ConfigServe Firewall, also known as CSF, is a firewall configuration script created to provide better security for your server while giving you an easy to use, advanced interface for managing your firewall settings.

CSF configures your server’s firewall to lock down public access to services and only allow certain connections, such as logging in to FTP, checking your email, or loading your websites. ConfigServe Firewall also comes with a service called Login Failure Daemon, or LFD. LFD watches your user activity for excessive login failures which are commonly seen during brute force attacks. If a large amount of login failures are seen coming from the same IP address, that IP will immediately be temporarily blocked from all services on your server. These IP blocks will automatically expire, however they can be removed manually through the ConfigServer interface in WebHost Manager.

In addition to removing IPs, CSF also allows you to manually whitelist or blacklist IPs in your firewall, as well as real time monitoring for automatic IP blocks in LFD. This is covered in Managing Your CSF Firewall.

We will install CFS on your server if not already present (replacing any other sw firewall installed) or if already installed properly configure the system.


Configserver Services Package

Configserver cPanel Service Package incl. active Exploit scanning CXS

installation, configuration and testing of each component

This comprehensive cPanel server service can be provided for most Linux (not FreeBSD) platforms running cPanel. We will perform the installation, configuration and testing of each component of the service in close cooperation of the professionals of Configserver and we will tweak the settings after our partner has finished their part of nthe service. . We do not use scripts to perform this work (as some providers do) but perform each task by hand to ensure it is correctly installed and configured to your servers requirements.

The aim of this work is to help:

  • Secure your server from attack
  • Perform server tuning to better cope under load
  • Provide relevant regular information from your server to identify any security breaches or anomalous behaviour
  • Check for existing exploits installed or running on the server
This includes also CSX, The ConfigServer eXploit Scanner (cxs) which is a tool from us that performs active scanning of files as they are uploaded to the server. Initial installation with recommended configuration options is included with the license which will be provided by GWS-Webmaster.Services and is included in the GWS-Service Package fee. The power of this package is that it intercepts exploits before they even reach your Joomla website!

ConfigServer MailScanner Front-End for cPanel

Scan emails for spam and viruses

Installation and configuration

CSM allows you for the server to control how the email is scanned for spam and viruses. This application provides a user front-end to a MailScanner installation on cPanel. It consists of three parts:

I.  A front-end that becomes part of the cPanel theme. This allows users to maintain their own settings, via a script, that modifies a text file stored in their cPanel account. It also allows users to configure:

  • Per domain actions for two score levels for spam scanning
  • Per domain actions for virus scanning
  • Per cPanel account whitelists and blacklists
  • Per cPanel account low and high score settings
  • Per cPanel account configurable forwarding email address for spam
II.  A WHM front-end for server-wide management of MailScanner
III. A back-end script that checks the user files to see if they have been modified. It then generates the appropriate entries for their domain in the MailScanner ruleset files

ConfigServer Add-ons

SW Tools to assist these services

Installation and configuration

Configserver provides a couple of add-ons that will help in several area;s:

I. Mod_Security Control (CMC)

The product provides you with an interface to the cPanel mod_security implementation from within WHM. With ConfigServer ModSecurity Control you can:

  • Disable mod_security rules that have unique ID numbers on a global, per cPanel user or per hosted domain level
  • Disable mod_security entirely, also on a global, per cPanel user or per hosted domain level
  • Edit files containing mod_security configuration settings in /usr/local/apache/conf
  • View the latest mod_security log entries
This is an important tool for a Joomla webmaster since a badly coded extension can give you a white screen of death for instance or crashes your website. Through the Apache logs one is able to identify the rule that is blocking the action and a webmaster can decide to replace the extension or disable the rule for that specific site. Note Apache v2+ and mod_security v2.5+ must be installed via Easyapache.

II. CFS Mail Queues

The product provides you with a full featured interface to the cPanel exim email queues from within WHM.

The ConfigServer Mail Queues can be an essential tool for:

  • Determining why inbound or outbound email delivery is failing
  • Deleting bounce emails
  • Deleting frozen (undeliverable) emails
  • Forcing queue runs (especially useful for Smart Router emails to Exchange servers that are intermittently online)
  • Integrates with MailScanner, if installed, to offer views/deletion of email in both the Pending and Delivery queues
  • Searching for and viewing/deleting emails to/from specific domains and addresses
  • Viewing the email history from the exim mail logs for specific emails
  • Retry delivery for specific emails
III. CFS Mail Manage

A MUST for a webmaster!

The product provides you with an interface to the cPanel user accounts email configuration without having to login to their accounts. It is domain based rather than account based and allows you to do all the following from within WHM:

  • View, edit and delete email accounts
  • View, edit and delete email forwarders
  • View, edit and delete email filters
  • View and modify email account quotas
  • Modify email account passwords
  • Modify Outgoing Mail Hourly Limits
  • List only email accounts that are overquota (or over a specified percentage)
  • List only email accounts that are over a specified size
  • View the total number of emails in an email account
  • Empty an email account
  • View emails in an email account
  • Individually delete emails in an email account
  • View, enable and disable GreyListing in bulk and per domain

We will be happy to assist you in Optimizing, Tuning and Securing your server! Get peace of mind and have sweet dreams!

Optimize, Tune & Secure now!


Only US$ 375 (incl. CFS Licenses)

Note: We need full root access to your server and cPanel must be installed.

logohostAll of this comes free of any charges if you operate a G-Force Managed VPS or (Cloud) Dedicated server of our division GWS-Host.com