MediaCP Manual
    1. Getting Started
    2. Sales Questions
    3. Frequently Asked Questions
    4. Transcoder System Benchmarks
    5. Start your own streaming platform
    1. Change account currency
    2. Product Licensing
    1. Introduction
    2. Installation & Upgrade
      1. System Requirements
      2. Versions & Releases
      3. Installation
      4. Upgrading
      5. Streaming Servers
        1. Nginx-Rtmp Video Server
        2. Flussonic Media Server
        3. Icecast 2 / Icecast KH
        4. Wowza Streaming Engine
      6. SSL Certificates
    3. Billing Integration
      1. WHMCS Integration Guide
    4. Migrate from other software
      1. Migrate from Centovacast
    5. Backup & Restoration
      1. Backup MediaCP
      2. Restore MediaCP
      3. Transfer to another server
    6. Administration
      1. Custom Web Service Configurations
      2. Reset Admin Password
      3. Port 80 / 443 Proxy
      4. MediaCP System Commands
      5. Change MediaCP domain name
      6. Move media to another hard disk
      7. Secure your server
      8. Troubleshooting Login Errors
    7. Scaling
      1. Scale with Wowza and CloudFront CDN
      2. Nginx-Rtmp with CloudFront CDN
    8. Troubleshooting
      1. Grant access to support team
      2. Troubleshooting Wowza Streaming Engine
      3. FTP Troubleshooting
      4. MySQL Database Troubleshooting
      5. Reporting Troubleshooting
      6. Troubleshooting Liquidsoap AutoDJ
      7. Video Relay Troubleshooting
    1. Introduction
    2. Administrators Dashboard
    3. System Configuration
      1. General
      2. Services
      3. Video Players
      4. Albums
      5. Email
      6. Plugins
      7. Statistics
      8. Backups
      9. Custom HTML
      10. Misc
    4. Customer Accounts
      1. Managing existing Customers
      2. Create a new Customer
      3. Deleting a Customer
      4. Login as another Customer
      5. Send email to Customer
      6. Reset Customer Password
    5. Reseller Accounts
      1. Reseller Plans
      2. Create a Reseller Account
    6. Media Services
      1. Creating a Media Service
      2. Deleting a Media Service
    7. Announcements
      1. Managing Announcements
      2. Creating Announcement
      3. Deleting Announcement
    8. Statistics
    9. Software Health
    10. Software Updates
    11. Email Templates
    12. API
    1. API Documentation
    2. Custom Domain Names
    3. Shoutcast 2 Admin Guide
    4. Wowza and Flussonic on same system
    5. Submit a feature request
    6. Wowza Custom Properties
    1. Shoutcast 2 Live Broadcasting
    2. DJ Priorities
    3. HTML5 Audio Player
    4. Broadcasting with AutoDJ
    5. Shoutcast 2 Premium
    6. Mount Points
    1. Getting started with video streaming
    2. Live Streaming Overview
    3. TV Station Overview
    4. Ondemand Video Streaming
    5. Relay & IP Camera
    6. Connecting your encoder
    7. Managing your media files
    8. Embedding player on your website
    9. Video Transcoding (Adaptive Bitrate Streaming)
    10. Image Logo or Watermark Overlay on Video Stream
    11. nDVR Live Streaming
    12. Shoutcast 2 Stream Publishing
    13. Facebook Live Streaming
    14. Youtube Stream Publishing
    15. Icecast Stream Publishing
    16. Twitch Stream Publishing
    17. Periscope Stream Publishing
Secure your server

Last updated 6 months ago

Security in this day and age is critical for your organisation. This article looks at some simple strategies to keeping your server secure from intruders.

Keep all your software up to date

Constant updates every day can be daunting and even annoying for most users, but there is a good reason for them and most of the time they include security updates to keep your systems secure.

Updating is such a simple and effective way to keep all your systems secure, and it is all too often overlooked. It is important to update software on your server as well as all your devices, especially those devices that are used to login to your business systems.

Setup automatic system updates

Did you know that you can configure automatic updates for your server? Here are some great articles that we’ve tried and tested for each operating system:

Don’t want to run automatic updates? Updating your system is really easy. I recommend you install Cockpit for Linux on your system but if you prefer to manually update your system check out these guides instead:

MediaCP Software Updates

Software updates for the MediaCP are announced on your dashboard so you will always know when a new update is available.  Updating the MediaCP software is really easy and involves a single line to complete, however you should always make sure you have a backup before upgrading.

We recommend that you update the MediaCP as soon as an update is available, or at the very least, once every month.

You can update the MediaCP by running the following command as root on your server:

/root/init upgrade

Prefer our team to complete this for you? Order an upgrade service instead.

Update your PC

It is just as important to keep your PC updated as it is to keep your system and mediacp up to date. Many intrusions make there way to servers through outdated and unpatched PC’s.

Secure your SSH connection

Here we’ll look at some simple steps to keeping unauthorised users out of your system.

Change the default SSH port

Changing your default SSH port is a very basic level of protection and can help prevent unauthorised acccess, however it does not secure the service; we’ll cover this in the next step.

Important: Make sure to open the new port in your servers firewall before applying changes!

Firewall your SSH port

Many systems come with a firewall already installed, CentOS typically uses firewalld and Debian typically uses ufw.  If you have cPanel installed on your system then you might be using ConfigServer Security & Firewall (csf).

You will need to determine what firewall is running on your system and make sure that you block all connections to port 22 except for your own IP address. If there is no firewall installed then you should really consider installing one.

The default SSH port is on 22, however if you have changed the port from 22 then you should replace port 22 with the new port in your firewall command.

Important Note: Before installing any firewall, please check our system requirements to make sure you don’t accidentally block MediaCP services that require internet access.

Disable password login to SSH

Authentication with SSH keys drastically increases the security of your system, especially when password authenticaiton is then disabled.

Step 1 – Generate and install SSH key

Step 2 – Disable password login to SSH

After enabling SSH key authentication, it a best practice to disable password authentication. Make sure you’ve tested SSH key login first. If your SSH key doesn’t work, and you disable password login, you’ll lose SSH access.

  1. Edit /etc/ssh/sshd_config
    nano /etc/ssh/sshd_config
  2. Find this line:
    #PasswordAuthentication yes
  3. If the line is commented out with #, remove the # symbol.

  4. Replace yes with no. The line should look like this when finished:
    PasswordAuthentication no
  5. Restart OpenSSH
    systemctl restart sshd.service

Configure Regular Backups

Regular backups don’t necessarily secure your server however they are crucial in order to restore your system if something does go wrong. Hard disk failures are common and without a backup there is no way to recover your data.

 

Use VPS Snapshots!

If you are using a VPS then you should be using snapshots. If your provider does not include a snapshot feature then you should find another provider!

What are snapshots?

Snapshots allow you to capture and preserve the entire state of a VPS, including it’s data. In the case where something goes wrong, such as a failed upgrade or corrupted data then you can usually restore to the last snapshot within minutes.

Backup the MediaCP and store it offsite

MediaCP Backups - Click to enlarge

Our software includes a simple and automated backup utility. You should make sure that you have regular backups configured within the MediaCP from System Config -> Backups.

In addition, you should also ensure a plan to save your backups offsite. One strategy i would recommend is to mount an external cloud drive and store your backups here. Take a look at the following article for more information:

Table of Contents