I work with customers regularly, and thought a setup guide would help customers get started with ease. This documentation is based on my experience with my own server and helping customers with their new servers.
Password
Be sure to change your password. Use a combination of letters, numbers, even symbols. You can even mix capitalization. Don’t use names, birthdays and other trivia that can be dug up out of public records. Conventional wisdom has stated, don’t write down your passwords. Jesper Johansson, senior program manager for security policy at Microsoft, suggests writing down your passwords:
If I write them down and then protect the piece of paper–or whatever it is I wrote them down on–there is nothing wrong with that. That allows us to remember more passwords and better passwords.
Bruce Schneier, a notable security technologist and writer, agrees and explains:
We’re all good at securing small pieces of paper. I recommend that people write their passwords down on a small piece of paper, and keep it with their other valuable small pieces of paper: in their wallet.
Firewall
Firewalls block network connections. Configuring a firewall manually can get very complicated, especially when it involves protocols like FTP. FTP opens random ports on either the client or the server. A quick way to deal with this is to use the system-config-securitylevel-tui tool. Of course, SSH, web server, FTP, mail and all the ports the control panel uses need to be open.
Mail ports
- 25 – SMTP
- 110 – POP3
- 143 – IMAP
- 465 – SMTPS
- 993 – IMAPS
- 995 – POP3S
web server ports
cPanel ports
- 2077 – webDisk (unsecured)
- 2078 – webDisk
- 2082 – cPanel control panel (unsecured)
- 2083 – cPanel control panel
- 2086 – WHM control panel (unsecured)
- 2087 – WHM control panel
- 2095 – webmail (unsecured)
- 2096 – webmail
Personally, I closed the unsecured control panel ports 2077, 2082, 2086 and 2095. Using SSL-protected ports better protects passwords and data. To access secured control panel pages without browser popups warning about invalid certificates, buy proper SSL certificates (explained below).
Other
- 22 – SSH (secure shell – Linux)
- 53 – DNS name servers
- 3389 – RDP (Remote Desktop Protocol – Windows)
- 8443 – Plesk control panel
- 19638 – Ensim control panel
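One way to check a cPanel server against the port lists above, as an added example that is not part of the original guide: it parses `ss -tln` output and reports listening ports that are unsecured control panel ports, outside the allowlist, or allowed but unused. The sample output is constructed, the function names are hypothetical, and ports 21, 80 and 443 are assumed as the standard FTP, HTTP and HTTPS ports.

```python
import ipaddress

# Allowlist built from the port lists above for a cPanel server. 21, 80 and
# 443 are assumptions: the standard FTP, HTTP and HTTPS ports.
ALLOWED = {21, 22, 25, 53, 80, 110, 143, 443, 465, 993, 995,
           2078, 2083, 2087, 2096}
# Plain-text control panel ports that the guide closes.
UNSECURED = {2077: "webDisk", 2082: "cPanel", 2086: "WHM", 2095: "webmail"}

# Constructed sample of `ss -tln` output, not taken from a real server.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      128          0.0.0.0:2082      0.0.0.0:*
LISTEN 0      128             [::]:2083         [::]:*
LISTEN 0      128                *:443             *:*
LISTEN 0      80         127.0.0.1:3306      0.0.0.0:*
LISTEN 0      128          0.0.0.0:8080      0.0.0.0:*
"""


def exposed_ports(ss_output):
    """Return the TCP ports listening on non-loopback addresses."""
    ports = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header or a non-listening socket
        addr, _, port = fields[3].rpartition(":")
        addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface
        if addr != "*" and ipaddress.ip_address(addr).is_loopback:
            continue  # reachable only from the server itself
        ports.add(int(port))
    return ports


def audit(ss_output, allowed=ALLOWED, unsecured=UNSECURED):
    """Compare what is listening with what the firewall should allow."""
    listening = exposed_ports(ss_output)
    return {
        # plain-text panel ports still reachable: close them, use the SSL port
        "unsecured": {p: unsecured[p] for p in sorted(listening) if p in unsecured},
        # services the allowlist does not cover: firewall them or stop them
        "unexpected": sorted(listening - allowed - set(unsecured)),
        # allowed ports with no listener: candidates to drop from the firewall
        "unused": sorted(allowed - listening),
    }
```

On a live server, pass the real output of `ss -tln` to `audit()` in place of `SAMPLE_SS`.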
DNS
DNS is a naming system for computers and services on the Internet. Domain names like “theplanet.com” and “orbit.theplanet.com” are easier to remember than IP addresses like 70.87.6.117 and 70.87.6.16.
DNS looks up the A record to retrieve the IP address for a domain name. PTR records are used to look up the domain name associated with an IP address.
Hostname
Pick a hostname for your server. It can be anything DNS allows, but some names are better than others. Hostnames such as “accounting” or “hackme” may draw unwanted attention. The hostname must be resolvable by DNS, so “example.theplanet.host” will never resolve since there is no such top level domain of “host”. “host.example.com” or “server.example.com” are examples of the proper form of a hostname. Don’t use “www”, that may conflict with a website on your server. Of course, replace “example.com” with the domain name you registered.
In cPanel, the hostname can be easily set in “Networking Setup”. In Plesk, the hostname is set in “Server Preferences”.
A Records
You may want to create common subdomains such as “www”, “ftp”, “mail”. Log into Orbit and use “DNS Administration” to add an A record for your server’s hostname. If your server’s hostname is “host.example.com”, add an A record for “host”.
PTR Records
Many ISPs configure their receiving mail servers to look up the IP address of the sender’s email server in reverse DNS and check that the domain name matches the email server’s hostname.
You can look up the PTR record for your IP address. On Linux and Mac, use the “host” command on the console or in Terminal.app. On Windows, use “nslookup” at the Command Prompt. If the results of the PTR record lookup don’t match the server’s hostname, open a DNS change request asking that the PTR or reverse DNS be configured. Please include both the IP address and the server’s hostname.
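The check described above can be scripted, shown here as an added example that is not part of the original guide. It goes one step further than the text by also confirming that the hostname's A record points back at the same IP address. The function names, the 192.0.2.x addresses and the sample records are constructed for illustration.

```python
import socket


def system_ptr(ip):
    """PTR names for ip from the system resolver ([] when there is none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:  # socket.herror / socket.gaierror: no reverse entry
        return []
    return [name, *aliases]


def system_a(hostname):
    """IPv4 addresses for hostname from the system resolver ([] when none)."""
    try:
        return socket.gethostbyname_ex(hostname)[2]
    except OSError:
        return []


def norm(name):
    """DNS names compare case-insensitively; drop the trailing root dot."""
    return name.rstrip(".").lower()


def check_reverse_dns(ip, hostname, ptr_lookup=system_ptr, a_lookup=system_a):
    """Return 'ok', 'no-ptr', 'ptr-mismatch' or 'forward-mismatch'."""
    host = norm(hostname)
    ptr_names = [norm(n) for n in ptr_lookup(ip)]
    if not ptr_names:
        return "no-ptr"            # ask for the PTR to be created
    if host not in ptr_names:
        return "ptr-mismatch"      # PTR points at some other name
    if ip not in a_lookup(host):
        return "forward-mismatch"  # hostname's A record is missing or wrong
    return "ok"


# Constructed records (documentation address range), used instead of live DNS.
SAMPLE_PTR = {"192.0.2.10": ["host.example.com."],
              "192.0.2.11": ["192-0-2-11.static.example.net."],
              "192.0.2.12": ["host.example.com."]}
SAMPLE_A = {"host.example.com": ["192.0.2.10"]}


def check_sample(ip, hostname):
    """Run the check against the constructed records above."""
    return check_reverse_dns(ip, hostname,
                             lambda i: SAMPLE_PTR.get(i, []),
                             lambda h: SAMPLE_A.get(h, []))
```

Calling `check_reverse_dns(ip, hostname)` without the lookup arguments uses the system resolver, which also reads /etc/hosts, so run the live check from a machine other than the server itself.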
SSL Certificates
Getting SSL certificates is optional, but it has advantages. SSL encrypts passwords and data sent on the network. The certificates will also assure your customers that they are visiting the right site. A visible benefit is that the web browser won’t pop up warnings for invalid SSL certificates. Browsers won’t trust SSL certificates created by the server. It’s really a bad habit to click past those security features.
When ordering, please have a domain name and a working email address. Remember, any website using SSL Certificates should be assigned its own IP address. More information can be found on our support portal.
Protect Your Data
An old adage says:
Better to have and not need it, than to need it and not have it.
Data loss can happen to anyone. I recently experienced a hard disk drive failure at home. It’s certainly disruptive trying to recover data without a current backup.
There are a number of reasons data can be lost. We won’t name them all, but just imagine what would happen to your business if you lost just some of your data.
Control panels include backup functionality and can be configured to automatically back up regularly. For example, cPanel and Plesk will back up to an FTP site, therefore network backup is a good match for customers using control panels. There’s no excuse for neglecting backup when configuring your new server.
Know the Mail guidelines
Some Internet Service Providers are very particular about email sent to them. As a mail server administrator, you may experience frustration when your server’s emails are not accepted by ISPs that aggressively combat spam. To better prepare for your server’s operations, you may want to verify with the larger email providers that your messages will meet their criteria for valid traffic. Read what a few of the larger postmasters have to say:
Move In!
Now that the server has been prepared and the data protected, you are ready to migrate your content. The documentation provided by the vendors is a great resource. Here are the links for our control panels: