We have configured a CentOS droplet that will be home to three mobile applications and a few websites. We have installed WHM/cPanel, nodejs, angularjs, mysql and npm to monitor it all.
The droplet was configured by the developer of the application. We are looking for a community member to security test our environment and recommend any changes, for which we will pay an hourly rate, first to make recommendations and then to carry out any necessary changes to the environment. This is to ensure we have a safe and secure setup and to independently test the developer's work. We will also be employing a mobile app developer to review the actual coding of the application and the portal website that controls it, so this work is just to ensure the security of the droplet is robust. I can be contacted at andy@cyw.solutions if you are interested in this project. Many thanks, Andy
Hello, @andyparr1
I would recommend that you secure the server to the same level as when applying for PCI compliance. This includes getting rid of all of the old supported TLS versions, disabling FTP and insecure mail ports, and also disabling any port which is not needed, leaving just those you actually use (22, 80, 443, etc.). You can also update all the security ciphers for Apache and the rest of the cPanel services as well.
With cPanel you also have the option to use Host Access Control, meaning that you can close every port and make it available only to whitelisted IPs. This is really handy, as you can allow only your IP addresses to connect to the server.
Regards, Alex
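The port advice in the answer above can be checked on the droplet itself. The following is an added example, not part of the original answer: it reads `ss -tln` output and lists TCP ports that are listening on a non-loopback address but are not on an allowlist. The allowlist (22, 80, 443) is taken from the answer; the function name `audit_listeners` and the sample listener table are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag listening TCP ports that are not on the allowlist.
# Live use on the server:  ss -tln | audit_listeners

ALLOWED_PORTS="22 80 443"   # assumption: the ports named in the answer

# Reads `ss -tln` lines on stdin; prints each exposed, non-allowlisted port once.
audit_listeners() {
    awk -v allowed="$ALLOWED_PORTS" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "LISTEN" {                      # also skips the header row
        port = $4; sub(/.*:/, "", port)   # text after the last colon
        addr = $4; sub(/:[^:]*$/, "", addr)
        # Loopback-only services (e.g. a local MySQL) are not network-exposed.
        if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1") next
        if (!(port in ok)) print port
    }' | sort -n -u
}

# Constructed sample of `ss -tln` output (not captured from a real host).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:21 0.0.0.0:*
LISTEN 0 100 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 [::]:443 [::]:*
LISTEN 0 100 0.0.0.0:110 0.0.0.0:*
LISTEN 0 100 [::]:110 [::]:*
LISTEN 0 100 [::1]:25 [::]:*'

# Demo run on the sample: FTP (21) and POP3 (110) are reported.
printf '%s\n' "$SAMPLE_SS" | audit_listeners
```

Ports reported here are candidates for disabling the service or restricting it with Host Access Control; MySQL on 127.0.0.1:3306 is not reported because it is bound to loopback only.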
Hello, all
A little update on this question.
I’ve recently posted a mini tutorial related to a PCI Compliance scan where the outdated TLS versions had to be disabled in order for the user to pass the scan. You can check it here:
Hope this helps! Regards, Alex