Questions on WHM Tweak Settings

WebEndev

Member
I noticed on our dedicated server that the following items in WHM were not enabled when the server was set up by KnownHost:
I'm moderately comfortable and familiar with WHM, but certainly no expert.

Is there a reason that these should not be enabled? They all seem to serve a good purpose and improve security overall.

Of course I understand that there are specific user by user situations that these items might interfere with operations on the server, but I think those would be pretty rare.

Any input is welcome. :)
 

KH-Jonathan

Director of Managed Services
Staff member
Many applications don't play nicely with this.

This causes issues for a lot of people which connect to remote SMTP servers. CSF also has a better implementation of this which IIRC is enabled by default on our servers.

I believe this is still at the default setting. I wanna say that it's caused some issues before on a pretty large scale but at the moment I can't remember exactly why. @KH-Paul may remember.

This one likes to get people (us too) locked out of SSH. It's no fun to fix :(

Enable cPHulk Brute Force Protection
This is another one that likes to block us very quickly when people give us incorrect passwords. CSF has a much better implementation of similar protections so having two things blocking you for the same thing is just added hassle without any extra security.

Want easy VPS hosting? KnownHost have everything you need - buy your VPS today to get started.
 
Last edited:

WebEndev

Member
Hi Jonathan,

It looks like the downside of enabling most of these is that it leads to possible inadvertent blocks on the real sysadmins...

Sigh.... maybe I should forget them then.... :confused:
 

WebEndev

Member
When I asked about enabling the PHP open_basedir Tweak (I'm DSO), Jonathan replied:
Many applications don't play nicely with this.
I was reading the cPanel documentation, and it says:
When you enable the open_basedir tweak, the system adds PHP directives to each Virtual Host in the httpd.conf file.
These directives limit users' PHP access to the following directories:
1 /usr/lib/php
2 /usr/local/lib/php
3 /tmp
When running DSO, I can't see how enabling it can be a bad thing?
How would applications not play nicely with this setting?
Thanks for helping a newb out :confused:
 
Top