Server Support: Optimize, Tune & Secure
These days a Joomla-webmaster needs to attend in great detail to the system environment of the hosted account. More than ever it shows that basic "managed" server support is insufficient to optimize and secure your precious and valuable online presence. You can optimze your Joomla webesite itself and install Optimization extensions or Firewall extensions available to you but the proper setup and tweaking of your server is crucial for s secure and perfectly tweaked system environment so you won't run into performance issues that causes visitors to avoid your site of getting hacked and damaging your reputation and financial bottom-line.
A good server deployement is the most important defense against hacking and offers and optimized surfing experience when visiting your site.
GWS-Webmaster.Services offers assitance to webmasters to Tune and Optimize their VPS and/or Dedicated (Cloud) servers. Through our extensive knowledge of Linux, cPanel, Exim and MailScanner we are able to provide an optimum secured and state-of-the-art system environment, fully tweaked to support your Joomla! based websites. Our services are provided for the following Linux platforms running cPanel: RedHat Enterprise, CentOS and CloudLinux and are delivered by our Linux Certified System Administrators. A prerequisite is that cPanel is installed on your VPS or dedicated server.We utilize the software packages of Configserver among other tools to tweak/tune your server. We implement (or optimize settings if present):
MariaDB Server is one of the most popular database servers in the world. It’s made by the original developers of MySQL and guaranteed to stay open source. Notable users include Wikipedia, WordPress.com and Google. MariaDB is a fork of MySQL but is much faster, and more secure
MariaDB turns data into structured information in a wide array of applications, ranging from banking to websites. It is an enhanced, drop-in replacement for MySQL. MariaDB is used because it is fast, scalable and robust, with a rich ecosystem of storage engines, plugins and many other tools make it very versatile for a wide variety of use cases.
MariaDB is developed as open source software and as a relational database it provides an SQL interface for accessing data. The latest versions of MariaDB also include GIS and JSON features and MariaDB is fully compatible with MySQL and Joomla works very fast on a box with MariaDB.
We will:
- Change the port
- Disable root access
- Create a Wheelgroup user (administrator account)
This is a 2-step process. The first Tweak (see cPanel's docs for this part of the service). The second Tweak will be done after we have installed the CFS-Firewall and upon confiuring this software we will revisit some of the Tweaks to even more balance the system.
In this step all system packages will be upgraded. This is valid for among others Apache, cPanel, FTP, EXIM, MySQL/MariaDB, PhPMyAdmin and all the other modules and Addons in use on the server such as cPanel' s cpHulk Brute Force Protection
ConfigServe Firewall, also known as CSF, is a firewall configuration script created to provide better security for your server while giving you an easy to use, advanced interface for managing your firewall settings.
CSF configures your server’s firewall to lock down public access to services and only allow certain connections, such as logging in to FTP, checking your email, or loading your websites. ConfigServe Firewall also comes with a service called Login Failure Daemon, or LFD. LFD watches your user activity for excessive login failures which are commonly seen during brute force attacks. If a large amount of login failures are seen coming from the same IP address, that IP will immediately be temporarily blocked from all services on your server. These IP blocks will automatically expire, however they can be removed manually through the ConfigServer interface in WebHost Manager.
In addition to removing IPs, CSF also allows you to manually whitelist or blacklist IPs in your firewall, as well as real time monitoring for automatic IP blocks in LFD. This is covered in Managing Your CSF Firewall.
We will install CFS on your server if not already present (replacing any other sw firewall installed) or if already installed properly configure the system.
This comprehensive cPanel server service can be provided for most Linux (not FreeBSD) platforms running cPanel. We will perform the installation, configuration and testing of each component of the service in close cooperation of the professionals of Configserver and we will tweak the settings after our partner has finished their part of nthe service. . We do not use scripts to perform this work (as some providers do) but perform each task by hand to ensure it is correctly installed and configured to your servers requirements.
The aim of this work is to help:
- Secure your server from attack
- Perform server tuning to better cope under load
- Provide relevant regular information from your server to identify any security breaches or anomalous behaviour
- Check for existing exploits installed or running on the server
CSM allows you for the server to control how the email is scanned for spam and viruses. This application provides a user front-end to a MailScanner installation on cPanel. It consists of three parts:
I. A front-end that becomes part of the cPanel theme. This allows users to maintain their own settings, via a script, that modifies a text file stored in their cPanel account. It also allows users to configure:
- Per domain actions for two score levels for spam scanning
- Per domain actions for virus scanning
- Per cPanel account whitelists and blacklists
- Per cPanel account low and high score settings
- Per cPanel account configurable forwarding email address for spam
III. A back-end script that checks the user files to see if they have been modified. It then generates the appropriate entries for their domain in the MailScanner ruleset files
Configserver provides a couple of add-ons that will help in several area;s:
I. Mod_Security Control (CMC)
The product provides you with an interface to the cPanel mod_security implementation from within WHM. With ConfigServer ModSecurity Control you can:
- Disable mod_security rules that have unique ID numbers on a global, per cPanel user or per hosted domain level
- Disable mod_security entirely, also on a global, per cPanel user or per hosted domain level
- Edit files containing mod_security configuration settings in /usr/local/apache/conf
- View the latest mod_security log entries
II. CFS Mail Queues
The product provides you with a full featured interface to the cPanel exim email queues from within WHM.
The ConfigServer Mail Queues can be an essential tool for:
- Determining why inbound or outbound email delivery is failing
- Deleting bounce emails
- Deleting frozen (undeliverable) emails
- Forcing queue runs (especially useful for Smart Router emails to Exchange servers that are intermittently online)
- Integrates with MailScanner, if installed, to offer views/deletion of email in both the Pending and Delivery queues
- Searching for and viewing/deleting emails to/from specific domains and addresses
- Viewing the email history from the exim mail logs for specific emails
- Retry delivery for specific emails
A MUST for a webmaster!
The product provides you with an interface to the cPanel user accounts email configuration without having to login to their accounts. It is domain based rather than account based and allows you to do all the following from within WHM:
- View, edit and delete email accounts
- View, edit and delete email forwarders
- View, edit and delete email filters
- View and modify email account quotas
- Modify email account passwords
- Modify Outgoing Mail Hourly Limits
- List only email accounts that are overquota (or over a specified percentage)
- List only email accounts that are over a specified size
- View the total number of emails in an email account
- Empty an email account
- View emails in an email account
- Individually delete emails in an email account
- View, enable and disable GreyListing in bulk and per domain
Note: We need full root access to your server and cPanel must be installed.
