The Derek Gendron weblog : 0eth0s0

ethos: The disposition, character, or fundamental values peculiar to a specific person, people, culture, or movement.

IS FTP SECURE AND HOW CAN I SECURE FTP? (SFTP)

A general connection to your FTP (File Transfer Protocol) server is not secure. When you connect without using SSH, both your userid and password are sent to the server “in the clear”, in other words without any encryption. Would you post your username and password on a public website for all to see?

Furthermore, the files you are sending are unencrypted too, so if they contain passwords, sensitive customer data, etc., you are putting that on the public site as well. Anyone using Cain & Abel type software could sniff your information relatively easily.
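To make the exposure concrete, here is an added example (not part of the original post) that audits what a passive observer could read from the first bytes a client sends in each kind of session. The payloads are constructed samples, and `audit_session` and `SAMPLES` are hypothetical names chosen for this illustration.

```python
import re

# Constructed client-to-server payloads (not real captures), one per session type.
SAMPLES = {
    "plain_ftp": b"USER webadmin\r\nPASS Example-Pass-1\r\nPWD\r\nSTOR customers.csv\r\n",
    "ftps_explicit": b"AUTH TLS\r\n\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03",
    "sftp_over_ssh": b"SSH-2.0-OpenSSH_9.6\r\n\x00\x00\x04\x1c\x0a\x14",
}

# An FTP control command: a 3-4 letter verb, optionally followed by one argument.
FTP_CMD = re.compile(rb"^([A-Za-z]{3,4})(?: (.*))?$")


def audit_session(payload: bytes) -> dict:
    """Report what is readable on the wire at the start of one session."""
    if payload.startswith(b"SSH-"):
        # SSH exposes only its version banner; authentication follows key exchange.
        return {"protocol": "ssh", "exposed": []}
    exposed, protocol = [], "unknown"
    for line in payload.split(b"\r\n"):
        m = FTP_CMD.match(line)
        if not m:
            break  # empty or binary data: no further readable commands
        protocol = "ftp"
        verb, arg = m.group(1).upper(), m.group(2) or b""
        if verb == b"AUTH":
            protocol = "ftps"  # client upgrades to TLS before sending credentials
            break
        if verb == b"USER":
            exposed.append(("username", arg.decode(errors="replace")))
        elif verb == b"PASS":
            # Record only that a password was visible, never its value.
            exposed.append(("password", "<redacted, %d chars>" % len(arg)))
        elif verb in (b"STOR", b"RETR"):
            exposed.append(("file", arg.decode(errors="replace")))
    return {"protocol": protocol, "exposed": exposed}


if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, audit_session(data))
```

Only the plain FTP session yields findings: the username, the presence of a password, and the name of the uploaded file are all readable without any decryption.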

How to use Secure FTP or SFTP?

Secure FTP is more secure than FTP because it uses SSH. To use it, you need to enable it in Plesk for each account (or, for a quick global change of all your sites, assuming you trust all the sites on your server, you can execute the group command to change them all at once). In the setup page, select /bin/bash(chrooted) under “Shell access to server with FTP user’s credentials”.

WHM/CPANEL EDIT SETUP

Edit Setup
Log in to your WHM as the root user. This is the main section of your web server, where you can set the options once and will probably never need to change them. Click on Basic cPanel/WHM Setup. Most of these sections are self-explanatory, with examples of what they do. Just read them to get familiar. I’ll mention the important ones:

Main Shared Virtual Host IP: This is your server’s main IP address, used by default with all shared hosting accounts. This should be set up by default and you probably won’t need to change it unless you want to use a different IP.
Server Contact E-Mail Address: Email alerts are sent to this address, so make sure you have a decent-sized inbox for them, something over 2 megs, because you will often receive updates, log files and all kinds of other goodies. Preferably use an email account hosted on a different system like gmail or yahoo. You don’t want it to mail your local accounts in the event of a problem.
Server Contact Pager Address: Another contact method for receiving special alerts if your server goes down. We recommend leaving this empty and using a third-party monitoring service like SiteUptime.com or keystone.com, because if your server is already down, how will it contact you? :)