7 Server Preparation Tips
October 7, 2008 by Lyndell Rottmann, Technical Support in Dedicated Servers and Private Racks, Tech Stuff, Tips and Tricks
Howdy. I’m Lyndell, a technical support specialist at The Planet. I work with customers regularly, so I thought a server setup guide could help new customers get started with ease. This documentation is based on my personal server setup experience and on the experience I’ve had helping customers with their new servers.
1. Password
Be sure to change your password. Use a combination of letters, numbers, even symbols. You can even mix capitalization. Don’t use names, birthdays and other trivia that can be dug up out of public records. Conventional wisdom says you shouldn’t write down your passwords, but Microsoft’s senior program manager for security policy Jesper Johansson suggests otherwise: “If I write them down and then protect the piece of paper — or whatever it is I wrote them down on — there is nothing wrong with that. That allows us to remember more passwords and better passwords.”
Bruce Schneier — a notable security technologist and writer — agrees and explains, “We’re all good at securing small pieces of paper. I recommend that people write their passwords down on a small piece of paper, and keep it with their other valuable small pieces of paper: in their wallet.”
2. Firewall
Firewalls block network connections. Configuring a firewall manually can get very complicated, especially when involving protocols like FTP which opens random ports on either the client or the server. A quick way to deal with this is to use the system-config-securitylevel-tui tool. Of course, ssh, web server, ftp, mail and all the ports the control panel uses need to be open.
Mail Ports
- 25 – SMTP
- 110 – POP3
- 143 – IMAP
- 465 – SMTPS
- 993 – IMAPS
- 995 – POP3S
Web Server Ports
- 80 – HTTP
- 443 – HTTPS
cPanel Ports
- 2077 – webDisk (unsecured)
- 2078 – webDisk
- 2082 – cPanel control panel (unsecured)
- 2083 – cPanel control panel
- 2086 – WHM control panel (unsecured)
- 2087 – WHM control panel
- 2095 – webmail (unsecured)
- 2096 – webmail
Personally, I closed the unsecured control panel ports 2077, 2082, 2086 and 2095. Using SSL protected ports better protects passwords and data. To access secure control panel pages without browser popups warning about invalid certificates, buy proper SSL certificates (explained below).
Other
- 22 – SSH (secure shell – Linux)
- 53 – DNS name servers
- 3389 – RDP (Remote Desktop Protocol – Windows)
- 8443 – Plesk control panel
- 19638 – Ensim control panel
3. DNS
DNS is a naming system for computers and services on the Internet. Domain names like “theplanet.com” and “orbit.theplanet.com” are easier to remember than IP address like 70.87.6.117 and 70.87.6.16.
DNS looks up a domain’s A record to retrieve its IP address. PTR records are used to look up the domain name associated to an IP address.
Hostname
Pick a hostname for your server. It can be anything DNS allows, but some names are better than others. Hostnames such as “accounting” or “hackme” may draw unwanted attention. The hostname must be resolvable by DNS, so “example.theplanet.host” will never resolve since “.host” is not a top level domain. “host.example.com” and “server.example.com” are examples of the proper form of a hostname. You’ll want to avoid using “www” at the beginning of your hostname because it may conflict with a website on your server.
In cPanel, the hostname can be easily set in “Networking Setup”. In Plesk, the hostname is set in “Server Preferences”.
A Records
If you buy your domain name from The Planet, it is automatically added to our nameservers, but if your domain was registered externally, you’ll need to go through a few additional steps to ensure your domain resolves correctly on our servers.
To include your externally-registered domain on our DNS, you should first point it at our nameservers (ns1.theplanet.com, ns2.theplanet.com). Once The Planet’s nameservers are correctly reflected on your domain, open a “DNS Change Request” in Orbit. You’ll enter both the domain name and the IP address in the form, and we will create the DNS zone file for that domain. We automatically add A records for default subdomains like “www”, “ftp”, “mail,” and if you’d like to add any other hostnames, log into Orbit and use “DNS Administration” to add an A record for your server’s hostname. If your server’s hostname is “host.example.com”, add an A record for “host”.
PTR Records
Many ISPs configure their servers that receive email to lookup the IP address of the domain in a sender’s email address (a reverse DNS check) to see that the domain name matches the email server’s host name.
You can look up the PTR record for your IP address. In Linux and Mac use the “host” command on the console or in Terminal.app. In Windows use “nslookup” in your Command Prompt. If the results of the PTR record lookup don’t match your server’s hostname, open a DNS change request asking that the PTR or reverse DNS be configured. Please include both the IP address and the server’s hostname.
4. SSL Certificates
Getting an SSL certificate is optional, but it has many benefits. SSL encrypts passwords and data sent on the network. The certificates will assure your customers that they are looking at your site securely. Browsers won’t trust SSL certificates created by the server, so you should purchase certificates externally to keep your content safe and avoid invalid SSL certificate popup warnings.
If you’re interested in learning about The Planet’s offerings in this area, visit our SSL Certificates page. Remember, any website using SSL Certificates should be assigned its own IP address. More information can be found on our support portal.
5. Protect Your Data
An old adage says, “It’s better to have and not need it, than to need it and not have it.”
Data loss can happen to anyone. I recently experienced a hard disk drive failure at home, and I can attest that recovering data without a current backup is certainly disruptive.
Control panels include backup functionality and can be configured to automatically backup regularly to the home server or an external site. For example, cPanel and Plesk can be easily set up to backup to an FTP site. The Planet offers several options for data protection and backup to fit any of your needs.
Imagine what would happen to your business if you lost just some of your data. There’s no excuse for neglecting backup when configuring your new server.
6. Know the Mail Guidelines
Some Internet Service Providers are very particular about email sent to them. As a mail server administrator, you may experience frustration when your server’s emails are not accepted by ISPs that aggressively combat spam. To better prepare for your server’s operations, you may want to verify with the larger email providers that your messages will meet their criteria for valid traffic. Read what a few of the larger postmasters have to say:
7. Move In!
Now that the server has been prepared and the data protected, you are ready to migrate your content. Never underestimate the usefulness of control panel documentation. Here are the links for our popular control panels:
Remember, The Planet’s technical support department is only a phone call away. 
-Lyndell
October 8th, 2008 at 7:29 am
Nice job Lyndell. Very useful.