MediaCP Manual
    1. Getting Started
    2. Sales Questions
    3. Frequently Asked Questions
    4. Transcoder System Benchmarks
    5. Start your own streaming platform
    1. Change account currency
    2. Product Licensing
    1. Introduction
    2. Installation & Upgrade
      1. System Requirements
      2. Versions & Releases
      3. Installation
      4. Upgrading
      5. Streaming Servers
        1. Nginx-Rtmp Video Server
        2. Wowza Streaming Engine
        3. Flussonic Media Server
        4. Video Feature Comparison
        5. Icecast 2 / Icecast KH
      6. SSL Certificates
    3. Billing Integration
      1. WHMCS Integration Guide
      2. Clientexec Integration Guide
      3. Blesta Integration Guide
    4. Migrate from other software
      1. Migrate From Centovacast
      2. Migrate From AzuraCast
    5. Backup & Restoration
      1. Backup MediaCP
      2. Restore MediaCP
      3. Transfer to another server
    6. Administration
      1. Move media to another hard disk
      2. Secure your server
      3. Troubleshooting Login Errors
      4. Custom Facebook App
      5. Custom Web Service Configurations
      6. Reset Admin Password
      7. Port 80 / 443 Proxy
      8. MediaCP System Commands
      9. Change MediaCP domain name
      10. Admin Tools
    7. Scaling
      1. Scale with Wowza and CloudFront CDN
      2. Nginx-Rtmp with CloudFront CDN
    8. Troubleshooting
      1. Troubleshooting Liquidsoap AutoDJ
      2. Video Relay Troubleshooting
      3. Grant access to support team
      4. Troubleshooting Wowza Streaming Engine
      5. FTP Troubleshooting
      6. MySQL Database Troubleshooting
      7. Reporting Troubleshooting
    1. Introduction
    2. Administrators Dashboard
    3. System Configuration
      1. General
      2. Services
      3. Video Players
      4. Albums
      5. Email
      6. Plugins
      7. Statistics
      8. Backups
      9. Custom HTML
      10. Misc
    4. Customer Accounts
      1. Managing existing Customers
      2. Create a new Customer
      3. Deleting a Customer
      4. Login as another Customer
      5. Send email to Customer
      6. Reset Customer Password
    5. Reseller Accounts
      1. Reseller Plans
      2. Create a Reseller Account
    6. Media Services
      1. Creating a Media Service
      2. Deleting a Media Service
    7. Announcements
      1. Managing Announcements
      2. Creating Announcement
      3. Deleting Announcement
    8. Statistics
    9. Software Health
    10. Software Updates
    11. Email Templates
    12. API
    1. Introduction
    2. Audio Operation Manual
      1. Basics 101
      2. Station Overview
      3. Media Library
      4. Playlists
        1. General Rotation
        2. Jingles & Advertising
        3. Scheduling
        4. Repeat Protection
      5. Live DJ Connections
      6. Live Stream Recording
      7. DJ Manager
      8. Country Blocking
      9. Stream Proxy
      10. Public Page
      11. HTML5 Player
      12. Stream Authentication
      13. Widgets & Links
      14. Reporting
    3. Video Operation Manual
      1. Basics 101
      2. Service Overview
      3. File Manager
      4. Scheduling
      5. Stream Targets
      6. Streaming to Your Service
      7. GeoIP Country Locking
      8. Widgets & Links
      9. Reporting
    4. Reseller Operations Manual
      1. Reseller Dashboard
      2. Customers
      3. Media Services
    1. Wowza Custom Properties
    2. API Documentation
    3. Custom Domain Names
    4. Shoutcast 2 Admin Guide
    5. Wowza and Flussonic on same system
    6. Submit a feature request
    1. Mount Points
    2. Managing Media Using FTP
    3. Shoutcast 2 Live Broadcasting
    4. DJ Priorities
    5. HTML5 Audio Player
    6. Broadcasting with AutoDJ
    7. Shoutcast 2 Premium
    1. Getting started with video streaming
    2. Live Streaming Overview
    3. TV Station Overview
    4. Ondemand Video Streaming
    5. GeoIP Country Locking
    6. VAST Advertising
    7. Relay & IP Camera
    8. Stream Recording
    9. Connecting your encoder
    10. Preparing Your Media Files
    11. Managing Media Using FTP
    12. Understanding Video Playlists
    13. Embedding player on your website
    14. Smooth Streaming and Content Transition
    15. Video Transcoding (Adaptive Bitrate Streaming)
    16. Image Logo or Watermark Overlay on Video Stream
    17. DVR Rewind
    18. Statistics
    19. Facebook Live Streaming
    20. Youtube Stream Publishing
    21. Twitch Stream Publishing
    22. Shoutcast 2 Stream Publishing
    23. Icecast Stream Publishing
    24. RTMP Stream Publishing
    1. Cloud Video Overview
    2. Admin Manual - Cloud Video
      1. WHMCS Billing Provisioning Module
      2. Login to your cloud platform
      3. Dashboard - A First Look
      4. Branding your platform
      5. Team & Staff Members
      6. Plans & Customers
      7. Activating VOD on Customer Plan
    3. User Manual - Cloud Video
      1. Login to your video platform
      2. First Look
      3. Creating a Channel
      4. Channel Overview
      5. Broadcasting
      6. Recording
      7. Media Content
      8. Fallback Video
      9. TV Channels - 24x7 UGC
      10. Video on Demand
      11. VOD Playlists
      12. Publishing
      13. Viewing Analytics
      14. Publish Zoom Meetings
      15. Advertising
      16. Restreaming IP Cameras
    4. Video Guide Series
    5. Streaming Best Practices
    6. Feature Comparison
    7. Roadmap & Release Notes
Secure your server

Last updated 2 years ago

Security in this day and age is critical for your organisation. This article looks at some simple strategies to keeping your server secure from intruders.

Keep all your software up to date

Constant updates every day can be daunting and even annoying for most users, but there is a good reason for them and most of the time they include security updates to keep your systems secure.

Updating is such a simple and effective way to keep all your systems secure, and it is all too often overlooked. It is important to update software on your server as well as all your devices, especially those devices that are used to login to your business systems.

Setup automatic system updates

Did you know that you can configure automatic updates for your server? Here are some great articles that we’ve tried and tested for each operating system:

Don’t want to run automatic updates? Updating your system is really easy. I recommend you install Cockpit for Linux on your system but if you prefer to manually update your system check out these guides instead:

MediaCP Software Updates

Software updates for the MediaCP are announced on your dashboard so you will always know when a new update is available.  Updating the MediaCP software is really easy and involves a single line to complete, however you should always make sure you have a backup before upgrading.

We recommend that you update the MediaCP as soon as an update is available, or at the very least, once every month.

You can update the MediaCP by running the following command as root on your server:

/root/init upgrade

Prefer our team to complete this for you? Order an upgrade service instead.

Update your PC

It is just as important to keep your PC updated as it is to keep your system and mediacp up to date. Many intrusions make there way to servers through outdated and unpatched PC’s.

Secure your SSH connection

Here we’ll look at some simple steps to keeping unauthorised users out of your system.

Change the default SSH port

Changing your default SSH port is a very basic level of protection and can help prevent unauthorised acccess, however it does not secure the service; we’ll cover this in the next step.

Important: Make sure to open the new port in your servers firewall before applying changes!

Firewall your SSH port

Many systems come with a firewall already installed, CentOS typically uses firewalld and Debian typically uses ufw.  If you have cPanel installed on your system then you might be using ConfigServer Security & Firewall (csf).

You will need to determine what firewall is running on your system and make sure that you block all connections to port 22 except for your own IP address. If there is no firewall installed then you should really consider installing one.

The default SSH port is on 22, however if you have changed the port from 22 then you should replace port 22 with the new port in your firewall command.

Important Note: Before installing any firewall, please check our system requirements to make sure you don’t accidentally block MediaCP services that require internet access.

Disable password login to SSH

Authentication with SSH keys drastically increases the security of your system, especially when password authenticaiton is then disabled.

Step 1 – Generate and install SSH key

Step 2 – Disable password login to SSH

After enabling SSH key authentication, it a best practice to disable password authentication. Make sure you’ve tested SSH key login first. If your SSH key doesn’t work, and you disable password login, you’ll lose SSH access.

  1. Edit /etc/ssh/sshd_config
    nano /etc/ssh/sshd_config
  2. Find this line:
    #PasswordAuthentication yes
  3. If the line is commented out with #, remove the # symbol.

  4. Replace yes with no. The line should look like this when finished:
    PasswordAuthentication no
  5. Restart OpenSSH
    systemctl restart sshd.service

Configure Regular Backups

Regular backups don’t necessarily secure your server however they are crucial in order to restore your system if something does go wrong. Hard disk failures are common and without a backup there is no way to recover your data.

 

Use VPS Snapshots!

If you are using a VPS then you should be using snapshots. If your provider does not include a snapshot feature then you should find another provider!

What are snapshots?

Snapshots allow you to capture and preserve the entire state of a VPS, including it’s data. In the case where something goes wrong, such as a failed upgrade or corrupted data then you can usually restore to the last snapshot within minutes.

Backup the MediaCP and store it offsite

MediaCP Backups - Click to enlarge

Our software includes a simple and automated backup utility. You should make sure that you have regular backups configured within the MediaCP from System Config -> Backups.

In addition, you should also ensure a plan to save your backups offsite. One strategy i would recommend is to mount an external cloud drive and store your backups here. Take a look at the following article for more information:

Table of Contents