MediaCP Manual
    1. Getting Started
    2. Sales Questions
    3. Frequently Asked Questions
    4. Transcoder System Benchmarks
    5. Start your own streaming platform
    1. Change account currency
    2. Product Licensing
    1. Introduction
    2. Installation & Upgrade
      1. System Requirements
      2. Versions & Releases
      3. Installation
      4. Upgrading
      5. Streaming Servers
        1. Nginx-Rtmp Video Server
        2. Wowza Streaming Engine
        3. Flussonic Media Server
        4. Video Feature Comparison
        5. Icecast 2 / Icecast KH
      6. SSL Certificates
    3. Billing Integration
      1. WHMCS Integration Guide
      2. Clientexec Integration Guide
      3. Blesta Integration Guide
    4. Migrate from other software
      1. Migrate From Centovacast
      2. Migrate From AzuraCast
    5. Backup & Restoration
      1. Backup MediaCP
      2. Restore MediaCP
      3. Transfer to another server
    6. Administration
      1. Custom Web Service Configurations
      2. Reset Admin Password
      3. Port 80 / 443 Proxy
      4. MediaCP System Commands
      5. Change MediaCP domain name
      6. Move media to another hard disk
      7. Secure your server
      8. Troubleshooting Login Errors
      9. Custom Facebook App
      10. Admin Tools
    7. Scaling
      1. Scale with Wowza and CloudFront CDN
      2. Nginx-Rtmp with CloudFront CDN
    8. Troubleshooting
      1. Grant access to support team
      2. Troubleshooting Wowza Streaming Engine
      3. FTP Troubleshooting
      4. MySQL Database Troubleshooting
      5. Reporting Troubleshooting
      6. Troubleshooting Liquidsoap AutoDJ
      7. Video Relay Troubleshooting
    1. Introduction
    2. Administrators Dashboard
    3. System Configuration
      1. General
      2. Services
      3. Video Players
      4. Albums
      5. Email
      6. Plugins
      7. Statistics
      8. Backups
      9. Custom HTML
      10. Misc
    4. Customer Accounts
      1. Managing existing Customers
      2. Create a new Customer
      3. Deleting a Customer
      4. Login as another Customer
      5. Send email to Customer
      6. Reset Customer Password
    5. Reseller Accounts
      1. Reseller Plans
      2. Create a Reseller Account
    6. Media Services
      1. Creating a Media Service
      2. Deleting a Media Service
    7. Announcements
      1. Managing Announcements
      2. Creating Announcement
      3. Deleting Announcement
    8. Statistics
    9. Software Health
    10. Software Updates
    11. Email Templates
    12. API
    1. Introduction
    2. Audio Operation Manual
      1. Basics 101
      2. Station Overview
      3. Media Library
      4. Playlists
        1. General Rotation
        2. Jingles & Advertising
        3. Scheduling
        4. Repeat Protection
      5. Live DJ Connections
      6. Live Stream Recording
      7. DJ Manager
      8. Country Blocking
      9. Stream Authentication
      10. Stream Proxy
      11. Widgets & Links
      12. Reporting
    3. Video Operation Manual
      1. Basics 101
      2. Service Overview
      3. File Manager
      4. Scheduling
      5. Streaming to Your Service
      6. Stream Targets
      7. GeoIP Country Locking
      8. Widgets & Links
      9. Reporting
    4. Reseller Operations Manual
      1. Reseller Dashboard
      2. Customers
      3. Media Services
    1. API Documentation
    2. Custom Domain Names
    3. Shoutcast 2 Admin Guide
    4. Wowza and Flussonic on same system
    5. Submit a feature request
    6. Wowza Custom Properties
    1. Shoutcast 2 Live Broadcasting
    2. DJ Priorities
    3. HTML5 Audio Player
    4. Broadcasting with AutoDJ
    5. Shoutcast 2 Premium
    6. Mount Points
    7. Managing Media Using FTP
    1. Getting started with video streaming
    2. Live Streaming Overview
    3. TV Station Overview
    4. Ondemand Video Streaming
    5. VAST Advertising
    6. Relay & IP Camera
    7. Stream Recording
    8. GeoIP Country Locking
    9. Connecting your encoder
    10. Preparing Your Media Files
    11. Managing Media Using FTP
    12. Understanding Video Playlists
    13. Embedding player on your website
    14. Smooth Streaming and Content Transition
    15. Video Transcoding (Adaptive Bitrate Streaming)
    16. Image Logo or Watermark Overlay on Video Stream
    17. Statistics
    18. DVR Rewind
    19. Facebook Live Streaming
    20. Youtube Stream Publishing
    21. Twitch Stream Publishing
    22. Shoutcast 2 Stream Publishing
    23. Icecast Stream Publishing
    24. RTMP Stream Publishing
    1. Cloud Video Overview
    2. Admin Manual - Cloud Video
      1. Login to your cloud platform
      2. Dashboard - A First Look
      3. Branding your platform
      4. Team & Staff Members
      5. Plans & Customers
      6. WHMCS Billing Provisioning Module
      7. Activating VOD on Customer Plan
    3. User Manual - Cloud Video
      1. Login to your video platform
      2. First Look
      3. Creating a Channel
      4. Channel Overview
      5. Broadcasting
      6. Recording
      7. Fallback Video
      8. TV Channels - 24x7 UGC
      9. Video on Demand
      10. VOD Playlists
      11. Publishing
      12. Viewing Analytics
      13. Publish Zoom Meetings
      14. Advertising
      15. Restreaming IP Cameras
    4. Video Guide Series
    5. Streaming Best Practices
    6. Feature Comparison
    7. Roadmap & Release Notes
Secure your server

Last updated 2 years ago

Security in this day and age is critical for your organisation. This article looks at some simple strategies to keeping your server secure from intruders.

Keep all your software up to date

Constant updates every day can be daunting and even annoying for most users, but there is a good reason for them and most of the time they include security updates to keep your systems secure.

Updating is such a simple and effective way to keep all your systems secure, and it is all too often overlooked. It is important to update software on your server as well as all your devices, especially those devices that are used to login to your business systems.

Setup automatic system updates

Did you know that you can configure automatic updates for your server? Here are some great articles that we’ve tried and tested for each operating system:

Don’t want to run automatic updates? Updating your system is really easy. I recommend you install Cockpit for Linux on your system but if you prefer to manually update your system check out these guides instead:

MediaCP Software Updates

Software updates for the MediaCP are announced on your dashboard so you will always know when a new update is available.  Updating the MediaCP software is really easy and involves a single line to complete, however you should always make sure you have a backup before upgrading.

We recommend that you update the MediaCP as soon as an update is available, or at the very least, once every month.

You can update the MediaCP by running the following command as root on your server:

/root/init upgrade

Prefer our team to complete this for you? Order an upgrade service instead.

Update your PC

It is just as important to keep your PC updated as it is to keep your system and mediacp up to date. Many intrusions make there way to servers through outdated and unpatched PC’s.

Secure your SSH connection

Here we’ll look at some simple steps to keeping unauthorised users out of your system.

Change the default SSH port

Changing your default SSH port is a very basic level of protection and can help prevent unauthorised acccess, however it does not secure the service; we’ll cover this in the next step.

Important: Make sure to open the new port in your servers firewall before applying changes!

Firewall your SSH port

Many systems come with a firewall already installed, CentOS typically uses firewalld and Debian typically uses ufw.  If you have cPanel installed on your system then you might be using ConfigServer Security & Firewall (csf).

You will need to determine what firewall is running on your system and make sure that you block all connections to port 22 except for your own IP address. If there is no firewall installed then you should really consider installing one.

The default SSH port is on 22, however if you have changed the port from 22 then you should replace port 22 with the new port in your firewall command.

Important Note: Before installing any firewall, please check our system requirements to make sure you don’t accidentally block MediaCP services that require internet access.

Disable password login to SSH

Authentication with SSH keys drastically increases the security of your system, especially when password authenticaiton is then disabled.

Step 1 – Generate and install SSH key

Step 2 – Disable password login to SSH

After enabling SSH key authentication, it a best practice to disable password authentication. Make sure you’ve tested SSH key login first. If your SSH key doesn’t work, and you disable password login, you’ll lose SSH access.

  1. Edit /etc/ssh/sshd_config
    nano /etc/ssh/sshd_config
  2. Find this line:
    #PasswordAuthentication yes
  3. If the line is commented out with #, remove the # symbol.

  4. Replace yes with no. The line should look like this when finished:
    PasswordAuthentication no
  5. Restart OpenSSH
    systemctl restart sshd.service

Configure Regular Backups

Regular backups don’t necessarily secure your server however they are crucial in order to restore your system if something does go wrong. Hard disk failures are common and without a backup there is no way to recover your data.


Use VPS Snapshots!

If you are using a VPS then you should be using snapshots. If your provider does not include a snapshot feature then you should find another provider!

What are snapshots?

Snapshots allow you to capture and preserve the entire state of a VPS, including it’s data. In the case where something goes wrong, such as a failed upgrade or corrupted data then you can usually restore to the last snapshot within minutes.

Backup the MediaCP and store it offsite

MediaCP Backups - Click to enlarge

Our software includes a simple and automated backup utility. You should make sure that you have regular backups configured within the MediaCP from System Config -> Backups.

In addition, you should also ensure a plan to save your backups offsite. One strategy i would recommend is to mount an external cloud drive and store your backups here. Take a look at the following article for more information:

Table of Contents