MediaCP Manual
    1. Getting Started
    2. Sales Questions
    3. Frequently Asked Questions
    4. Transcoder System Benchmarks
    5. Start your own streaming platform
    1. Change account currency
    2. Product Licensing
    1. Introduction
    2. Installation & Upgrade
      1. System Requirements
      2. Versions & Releases
      3. Installation
      4. Upgrading
      5. Streaming Servers
        1. Nginx-Rtmp Video Server
        2. Wowza Streaming Engine
        3. Flussonic Media Server
        4. Video Feature Comparison
        5. Icecast 2 / Icecast KH
        6. Shoutcast 2
      6. SSL Certificates
    3. Billing Integration
      1. WHMCS Integration Guide
      2. Clientexec Integration Guide
      3. Blesta Integration Guide
      4. WiseCP Integration Guide
      5. Billing Platform Comparision
    4. Migrate from other software
      1. Migrate From Centovacast
      2. Migrate From AzuraCast
    5. Backup & Restoration
      1. Backup MediaCP
      2. Restore MediaCP
      3. Transfer to another server
    6. Administration
      1. MediaCP System Commands
      2. Admin Tools
      3. Custom Web Service Configurations
      4. Change MediaCP domain name
      5. Port 80 / 443 Proxy
      6. Move media to another hard disk
      7. Custom Language Translations
      8. Custom Facebook App
      9. Branding Your Panel
      10. Secure your server
      11. Setup CSF Firewall
      12. Troubleshooting Login Errors
      13. Reset Admin Password
    7. Scaling
      1. Scale with Wowza and CloudFront CDN
      2. Nginx-Rtmp with CloudFront CDN
      3. Nginx-Rtmp with CDN Proxy
    8. Troubleshooting
      1. Troubleshooting Liquidsoap AutoDJ
      2. Video Relay Troubleshooting
      3. Disk Troubleshooting
      4. Grant access to support team
      5. Troubleshooting Wowza Streaming Engine
      6. FTP Troubleshooting
      7. MySQL Database Troubleshooting
      8. Reporting Troubleshooting
    1. Introduction
    2. Administrators Dashboard
    3. System Configuration
      1. General
      2. Services
      3. Video Players
      4. Albums
      5. Email
      6. Plugins
      7. Statistics
      8. Backups
      9. Custom HTML
      10. Misc
    4. Customer Accounts
      1. Managing existing Customers
      2. Create a new Customer
      3. Deleting a Customer
      4. Login as another Customer
      5. Send email to Customer
      6. Reset Customer Password
    5. Reseller Accounts
      1. Reseller Plans
      2. Create a Reseller Account
    6. Administrator Accounts
      1. Create a new Administrator
    7. Media Services
      1. Creating a Media Service
      2. Deleting a Media Service
    8. Announcements
      1. Managing Announcements
      2. Creating Announcement
      3. Deleting Announcement
    9. Statistics
    10. Software Health
    11. Software Updates
    12. Email Templates
    13. API
    1. Introduction
    2. Audio Operation Manual
      1. Basics 101
      2. Station Overview
      3. Media Library
      4. Playlists
        1. General Rotation
        2. Jingles & Advertising
        3. Scheduling
        4. Repeat Protection
      5. Live DJ Connections
      6. Live Stream Recording
      7. DJ Manager
      8. Country Blocking
      9. Fallback, Backup and Intro Files
      10. Stream Proxy
      11. AutoDJ Crossfade
      12. Public Page
      13. HTML5 Player
      14. Stream Authentication
      15. Widgets & Links
      16. Reporting
    3. Video Operation Manual
      1. Basics 101
      2. Service Overview
      3. File Manager
      4. Scheduling
      5. Stream Targets
      6. Streaming to Your Service
      7. GeoIP Country Locking
      8. Public Page
      9. Widgets & Links
      10. Reporting
    4. Reseller Operations Manual
      1. Reseller Dashboard
      2. Customers
      3. Media Services
    5. API
    1. Custom Domain Names
    2. Shoutcast 2 Admin Guide
    3. Wowza and Flussonic on same system
    4. Submit a feature request
    1. Getting started with Audio Streaming
    2. Icecast Live Broadcasting
    3. Shoutcast 2 Live Broadcasting
    4. Broadcasting with AutoDJ
    5. DJ Accounts
    6. GeoIP Country Locking
    7. HTML5 Audio Player
    8. Mount Points
    9. Managing Your Media
    10. Managing Media Using FTP
    11. Statistics
    12. Shoutcast 2 Premium
    1. Getting started with video streaming
    2. Live Streaming Overview
    3. TV Station Overview
    4. Ondemand Video Streaming
    5. VAST Advertising
    6. Relay & IP Camera
    7. Stream Recording
    8. GeoIP Country Locking
    9. Connecting your encoder
    10. Preparing Your Media Files
    11. Managing Media Using FTP
    12. Understanding Video Playlists
    13. Embedding player on your website
    14. Smooth Streaming and Content Transition
    15. Video Transcoding (Adaptive Bitrate Streaming)
    16. Stream Watermark​
    17. DVR Rewind
    18. Statistics
    19. Facebook Live Streaming
    20. Youtube Stream Publishing
    21. Twitch Stream Publishing
    22. Shoutcast 2 Stream Publishing
    23. Icecast Stream Publishing
    24. RTMP Stream Publishing
    1. Cloud Video Overview
    2. Admin Manual - Cloud Video
      1. WHMCS Billing Provisioning Module
      2. Login to your cloud platform
      3. Dashboard - A First Look
      4. Branding your platform
      5. Team & Staff Members
      6. Plans & Customers
      7. Activating VOD on Customer Plan
      8. API
    3. User Manual - Cloud Video
      1. Login to your video platform
      2. First Look
      3. Creating a Channel
      4. Channel Overview
      5. Broadcasting
      6. Recording
      7. Media Content
      8. Live Events
      9. 30 Minute Rewind
      10. Fallback Video
      11. TV Channels - 24x7 UGC
        1. TV Event Scheduling
        2. Channel Guide Widgets
      12. Video on Demand
      13. Relay Channels
      14. VOD Playlists
      15. Publishing
      16. Viewing Analytics
      17. Bandwidth Utilisation
      18. Publish Zoom Meetings
      19. Advertising
      20. Restreaming IP Cameras
    4. Video Guide Series
    5. Streaming Best Practices
    6. Feature Comparison
    7. Roadmap & Release Notes
Secure your server

Last updated 3 months ago

Security in this day and age is critical for your organisation. This article looks at some simple strategies to keeping your server secure from intruders.

Keep all your software up to date

Constant updates every day can be daunting and even annoying for most users, but there is a good reason for them and most of the time they include security updates to keep your systems secure.

Updating is such a simple and effective way to keep all your systems secure, and it is all too often overlooked. It is important to update software on your server as well as all your devices, especially those devices that are used to login to your business systems.

Setup automatic system updates

Did you know that you can configure automatic updates for your server? Here are some great articles that we’ve tried and tested for each operating system:

Don’t want to run automatic updates? Updating your system is really easy. I recommend you install Cockpit for Linux on your system but if you prefer to manually update your system check out these guides instead:

MediaCP Software Updates

Software updates for the MediaCP are announced on your dashboard so you will always know when a new update is available.  Updating the MediaCP software is really easy and involves a single line to complete, however you should always make sure you have a backup before upgrading.

We recommend that you update the MediaCP as soon as an update is available, or at the very least, once every month.

You can update the MediaCP by updating your system packages and running our upgrade utility. You can follow our upgrade guide here: Upgrading – Media Control Panel

Prefer our team to complete this for you? Order an upgrade service instead.

Update your PC

It is just as important to keep your PC updated as it is to keep your system and mediacp up to date. Many intrusions make there way to servers through outdated and unpatched PC’s.

Secure your SSH connection

Here we’ll look at some simple steps to keeping unauthorised users out of your system.

Change the default SSH port

Changing your default SSH port is a very basic level of protection and can help prevent unauthorised acccess, however it does not secure the service; we’ll cover this in the next step.

Important: Make sure to open the new port in your servers firewall before applying changes!

Firewall your SSH port

Many systems come with a firewall already installed, CentOS typically uses firewalld and Debian typically uses ufw.  If you have cPanel installed on your system then you might be using ConfigServer Security & Firewall (CSF).

You will need to determine what firewall is running on your system and make sure that you block all connections to port 22 except for your own IP address. If there is no firewall installed then you should really consider installing one. We reccomend using ConfigServer Security & Firewall (CSF) and have a dedicated guide for installing and configuing CSF to work with the Media Control Panel: Setup CSF Firewall

The default SSH port is on 22, however if you have changed the port from 22 then you should replace port 22 with the new port in your firewall command.

Important Note: Before installing any firewall, please check our system requirements to make sure you don’t accidentally block MediaCP services that require internet access.

Disable password login to SSH

Authentication with SSH keys drastically increases the security of your system, especially when password authenticaiton is then disabled.

Step 1 – Generate and install SSH key

Step 2 – Disable password login to SSH

After enabling SSH key authentication, it a best practice to disable password authentication. Make sure you’ve tested SSH key login first. If your SSH key doesn’t work, and you disable password login, you’ll lose SSH access.

  1. Edit /etc/ssh/sshd_config
    nano /etc/ssh/sshd_config
  2. Find this line:
    #PasswordAuthentication yes
  3. If the line is commented out with #, remove the # symbol.

  4. Replace yes with no. The line should look like this when finished:
    PasswordAuthentication no
  5. Restart OpenSSH
    systemctl restart sshd.service

Configure Regular Backups

Regular backups don’t necessarily secure your server however they are crucial in order to restore your system if something does go wrong. Hard disk failures are common and without a backup there is no way to recover your data.

Use VPS Snapshots!

If you are using a VPS then you should be using snapshots. If your provider does not include a snapshot feature then you should find another provider!

What are snapshots?

Snapshots allow you to capture and preserve the entire state of a VPS, including it’s data. In the case where something goes wrong, such as a failed upgrade or corrupted data then you can usually restore to the last snapshot within minutes.

Backup the MediaCP and store it offsite

Our software includes a simple and automated backup utility. You should make sure that you have regular backups configured within the MediaCP from Administration -> System Config -> Backups

We recommend storing backups on a separate disk on your server to protect against disk failure which would result in losing your panel and your backups. If you are using a VPS, you should be able to easily add a new disk to your server to set this up. It is important to ensure the additional disk is large enough to store full backups of your panel and content. This, along with the steps to setup a custom backup path is explained in more detail in our backup documentation: Backup MediaCP

From there for added security you can setup offsite backups by syncing your backups to an offsite location. This could be done by mounting an external cloud drive and storing a copy of your backups there, or by setting up a cronjob that automatically rsync’s or transfers your backups to the external location.

Table of Contents