Enable Gzip compression on cPanel server

To enable gzip compression on cPanel server, mod_gzip.c or mod_deflate.c module should be installed on the server. You can check the loaded module via SSH. Login to you server and use the following command to check the loaded Apache modules:

/usr/local/apache/bin/httpd -l

If one of the module is installed on the server, you can enable gzip compression for an account by adding required code in .htaccess file. You need to add the following code into the .htaccess file to enable the gzip compression for the domain.

#compress all text & html:
AddOutputFilterByType DEFLATE text/html text/plain text/xml
<Files *.html>
SetOutputFilter DEFLATE
</Files>
Once you add above code, you can verify it from the following link:
http://www.gidnetwork.com/tools/gzip-test.php
The test result should show as follow:
Web page compressed? Yes
Compression type? gzip

 

WordPress ModSecurity Rules

WordPress is a popular publishing platform which is known for its robust features, numerous templates, and large support community. Unfortunately, due to such popularity, WordPress is also constantly subject to attempts at exploiting vulnerabilities. Ensuring WordPress and any associated plugins are installed with the most current versions is an important means of securing your site. However, ModSecurity provides a significant amount of further security by providing an application firewall.

ModSecurity (also known as “modsec”) has proven itself useful in a variety of situations, and again this is true in assisting with WordPress brute force attempts resulting in a Denial of Service (DoS) attack. While a number of WordPress plugins exist to prevent such attacks, custom modsec rules can prevent such attacks for all WordPress installations on a server. Modsec immediately filters incoming HTTP requests, which assists against taxing server resources.

These rules will block access for the offending IP address for 5 minutes upon 10 failed login attempts over a 3 minute duration. These rules have been automatically updated in the custom rules for Liquid Web’s ServerSecure service. For customers without ServerSecure, these rules can be added to their custom modsec rules. To accomplish this, edit your custom modsec user rules and append the file with the rules provided below. For CPanel servers, this file is likely located at /usr/local/apache/conf/

 

SecAction phase:1,nolog,pass,initcol:ip=%{REMOTE_ADDR},initcol:user=%{REMOTE_ADDR},id:5000134
<Locationmatch “/wp-login.php”>
# Setup brute force detection.
# React if block flag has been set.
SecRule user:bf_block “@gt 0” “deny,status:401,log,id:5000135,msg:’ip address blocked for 5 minutes, more than 10 login attempts in 3 minutes.'”
# Setup Tracking. On a successful login, a 302 redirect is performed, a 200 indicates login failed.
SecRule RESPONSE_STATUS “^302” “phase:5,t:none,nolog,pass,setvar:ip.bf_counter=0,id:5000136”
SecRule RESPONSE_STATUS “^200” “phase:5,chain,t:none,nolog,pass,setvar:ip.bf_counter=+1,deprecatevar:ip.bf_counter=1/180,id:5000137”
SecRule ip:bf_counter “@gt 10” “t:none,setvar:user.bf_block=1,expirevar:user.bf_block=300,setvar:ip.bf_counter=0”
</locationmatch>

What is suPHP?

suPHP is a tool for executing PHP scripts with the permissions of their owners or a program that controls who can access certain files. All scripts executed on the server need to be authorized to run on the server. This is done through the file permissions.

Since most PHP scripts run with the user “Nobody” this means that the control of the file is directly related to the permissions assigned to the file. Since “Nobody” is not the User or Group member you’d have to open the file permissions to 0777 for read, write, and execute for all categories. This is problematic since you’re now letting users off the server execute files. This gives them the ability to add code to the URL and manipulate the file accordingly. This can give them access to your entire site depending on the file then modify and how it is written.

This is not an ideal method and could pose a security risk. suPHP will stop PHP from running as “Nobody” and make it so the files can only be written by the User allowing better site containment.

Why use suPHP?

The benefit of using suPHP besides better security, is that it will make any PHP applications (most often CMS systems) such as Mambo more user friendly. Case in point: If you upload/install anything via Mambo such as a template on a non-suphp server, then those template files will be owned by ‘nobody’ and the customer will not be able to edit them manually or even delete their account. This ownership issue is done away with suPHP. On a suPHP enabled server, those same template files will be owned by the account username and the account holder will be able to manipulate those files as they see fit.

Furthermore, many third party applications require certain folders to have 777 permissions. 777 permissions mean that the whole world has write access to them. If your website code has a vulnerability in it which hackers could upload files to your account, having 777 will allow them to do so. suPHP does not require 777 permissions, which makes your website more secure. suPHP will also throw an error message if it tries to access any folder with 777 permissions.

Need Hosting?

All of our servers plans and packages comes with suPHP. However . Read More :- https://www.shineservers.com/web-hosting.html