AlmaLinux + DirectAdmin VPS / Dedicated Server – Onboarding, Security & Responsibility Guide (v5 Expanded Edition)

Welcome to iCoreHosting’s AlmaLinux + DirectAdmin hosting environment. This comprehensive guide provides step-by-step onboarding instructions, infrastructure planning, DNS setup, server security configuration, Malaysian legal compliance requirements, backup policies, sub-hosting responsibilities, and operational best practices. All content is written for real-world production use, ensuring stability, security, and accountability for every customer.

Service Direction & Deployment Planning
Server Overview & Initial Preparation
Login & Access Information
Network Configuration
Nameservers & DNS Setup
DirectAdmin Account Structure Overview
Security Baseline
Local Government Rules Reminder
Software & System Updates
Domain, DNS & Email Configuration
Web Server, PHP & Database Management
Backup Policy
Sub-Hosting / Reseller Responsibilities
Monitoring & Logs
Performance Optimization
Advanced Security & Hardening
Inodes & File Usage
Common Misconfigurations
Responsibility Breakdown
Support Information

1. Service Direction & Deployment Planning

Correct planning is one of the most important steps before deploying a DirectAdmin server. A clear direction helps avoid unnecessary reconfiguration, prevents downtime, ensures predictable performance, and guarantees compliance with local regulations. Whether you plan to run corporate websites, host multiple customers, or manage a high-performance application, defining the service direction ensures your server is configured correctly from Day 1.

1.1 Suitable Deployment Use Cases

Shared Hosting Environment: Host multiple websites or customers with isolated user accounts.
Corporate Website Hosting: High–reliability hosting for company websites, HR portals, intranets, etc.
WordPress Hosting: Optimized for LiteSpeed/OpenLiteSpeed with LSCache support.
eCommerce Hosting: Suitable for WooCommerce, Opencart, or high-traffic stores.
Web Application Hosting: Laravel applications, REST APIs, custom systems.
Email Hosting: Full email hosting using Dovecot + Exim, suitable for SMEs.
Reseller / Sub-Hosting: Allow downstream clients to manage their own hosting accounts.

1.2 Deployment Considerations (+ Expanded Detail)

Traffic Forecast: Anticipate peak-hour traffic to avoid CPU & RAM saturation.
Disk Architecture: SSD/NVMe recommended for database-heavy sites.
Separate Accounts: Do not host multiple customers in a single user account.
Backup Strategy: Use off-site backups to prevent data loss from local drive failures.
Email Requirements: High-volume senders should use Amazon SES / Mailjet.
Security Expectation: Enforce 2FA, SSH key-based login, and firewall whitelisting.
Legal Restrictions: Hosting must comply with Malaysian CMA, PDPA, and IP laws.

2. Server Overview & Initial Preparation

Your server runs DirectAdmin on AlmaLinux, designed for maximum stability, security updates, and compatibility. Before onboarding, confirm the following information from the welcome email to ensure your initial setup proceeds smoothly.

2.1 Verify Server Information

Server Primary IP
Root SSH Credentials
DirectAdmin Admin Login URL
Assigned Hostname
Default Nameserver Configuration
Disk layout and storage allocations

2.2 Initial Server Tasks

Update root password to a strong, complex password
Set timezone to Asia/Kuala_Lumpur
Verify DNS resolvers
Confirm server hostname resolves correctly
Perform a full OS update

3. Login & Access Information

3.1 DirectAdmin Login URL

https://YOUR-SERVER-IP:2222

3.2 SSH Access

ssh root@YOUR-SERVER-IP

3.3 Recommended SSH Security Enhancements

Disable password login after setting up SSH keys
Allow only whitelisted IPs
Change SSH port to reduce brute-force attacks
Install Fail2Ban for SSH and DirectAdmin protection

4. Network Configuration

A stable network environment is essential for website hosting and email reliability. AlmaLinux network interface files are located in:

/etc/sysconfig/network-scripts/

4.1 Important Network Tools (+ Expanded)

ip addr — List all network interfaces
ip route — Check routing tables
ss -tulpn — Inspect listening sockets & services
mt r — Diagnose network path issues
dig / nslookup — Verify DNS lookups
ping — Basic connectivity testing

4.2 Outbound Port Requirements

Port 80/443 — Web traffic
Port 53 — DNS queries
Ports 465/587 — Outgoing SMTP
Ports 993/995 — IMAP/POP SSL

5. Nameservers & DNS Setup

5.1 Recommended iCoreHosting Nameservers

nsda1.icorehosting.com
nsda2.icorehosting.com

Using iCoreHosting NS ensures best compatibility and fastest propagation.

5.2 Custom Nameserver Setup (ns1.yourdomain.com)

Register Glue Records at your domain registrar
Assign IP addresses to ns1/ns2
Configure them under DirectAdmin → Admin Level → DNS Admin
Restart DNS service after changes

5.3 Essential DNS Records

A — Points domain to server IP
MX — Email routing
TXT SPF — Authorizes sending
DKIM — Adds signature for email authenticity
DMARC — Domain-level anti-spoofing
PTR — Reverse DNS (set by iCoreHosting)

6. DirectAdmin Account Structure Overview

DirectAdmin uses a clear 3-level architecture designed for isolation, control, and multi-user hosting flexibility.

6.1 Account Levels Explained (+ Expanded)

Admin Level: Full system control, service configuration, DNS templates, backups, packages.
Reseller Level: Ability to create and manage users, assign packages, handle quotas.
User Level: Website owners with FTP, email, databases, DNS zone control.

6.2 Recommended Account Segmentation

Each customer = separate DirectAdmin user
Each domain = separate cPanel-like user account
Never host multiple clients inside one account
Use reseller partitioning if hosting sub-clients

7. Security Baseline

Security is fundamental for all hosting environments. DirectAdmin servers require immediate hardening to protect against brute-force attacks, malware, email abuse, and website hacking.

7.1 SSH Hardening

Disable root SSH login
Enable key-based login
Change SSH port
Install Fail2Ban for SSH protection

7.2 DirectAdmin Security Tools

CSF Firewall (recommended)
Brute Force Monitor (BFM)
ModSecurity for NGINX/Apache
Login Keys for API restrictions
Directory-level password protection

7.3 Malware Protection

ClamAV scanner
ImunifyAV / Imunify360 (recommended)
Auto-quarantine suspicious files

8. Local Government Rules Reminder

All services hosted under iCoreHosting must comply with Malaysian laws and regulations. Customers are fully responsible for all content hosted on their servers.

8.1 Relevant Malaysian Acts (+ Expanded)

CMA 1998 – Regulates online content & hosting activity
PDPA 2010 – Applies to personal data handling
Computer Crimes Act 1997 – Covers illegal access, hacking, intrusion
Copyright Act – Covers illegal downloads/streaming

8.2 Strictly Prohibited Uses

Hosting VPN, proxies, tunneling services without written approval
Hacking tools, phishing kits, malware
Spam email campaigns
Pornography, illegal streaming, scams, gambling
Botnet C2 servers or crypto-mining

9. Software & System Updates

Always keep your operating system and DirectAdmin components up to date.

9.1 OS Updates

dnf update -y

9.2 DirectAdmin Updates

cd /usr/local/directadmin/custombuild
./build update
./build update_versions

9.3 Additional Update Recommendations

Update PHP versions frequently
Update MariaDB to supported versions
Apply security patches promptly

10. Domain, DNS & Email Configuration

10.1 Email Deliverability Essentials

Enable DKIM (DirectAdmin → DNS Management)
Enable SPF (TXT record)
Enable DMARC
Ensure PTR (reverse DNS) matches your hostname

10.2 Email Ports

IMAP SSL – 993
POP3 SSL – 995
SMTP SSL – 465
SMTP TLS – 587

For best results, use external SMTP providers (Amazon SES, Mailjet, SendGrid, etc.) for transactional or bulk emails.

11. Web Server, PHP & Database Management

DirectAdmin supports multiple web server stacks depending on performance requirements, compatibility needs, and application type. Proper configuration ensures efficient resource usage, strong security, and stable uptime for all hosted websites.

11.1 Web Server Stack Options

OpenLiteSpeed: Best performance for WordPress + LSCache.
LiteSpeed Enterprise: Enterprise-grade acceleration (recommended for high traffic).
Apache + NGINX Reverse Proxy: Balanced compatibility and performance.
Pure Apache: Maximum compatibility for all applications.

11.2 PHP Configuration

Use PHP-FPM for performance and isolation.
Avoid outdated versions such as PHP 5.6 / 7.0 / 7.1.
Set per-user php.ini limits for safety.
Recommended settings for modern apps:
- memory_limit = 512M
- upload_max_filesize = 128M
- max_execution_time = 300

11.3 Database Management

Use MariaDB 10.5 or later for performance.
Enable slow query log for large applications.
Restrict remote access unless absolutely necessary.
Backup databases independently using mysqldump or phpMyAdmin.

12. Backup Policy (VPS & Dedicated Server)

VPS and Dedicated Server plans provided by iCoreHosting do not come with any included backups. All data protection, backup creation, and backup retention are the sole responsibility of the customer. To ensure maximum data safety, customers are encouraged to subscribe to a dedicated backup solution.

Important Notice:

No backups are provided by default for all VPS and dedicated server services.
iCoreHosting does not retain, maintain, or guarantee any server backups unless a paid backup service is purchased.
All data stored on the server is fully under the customer’s responsibility.
The customer must implement their own off-site backup strategy.

12.1 Optional Paid Backup Services

Customers may order separate backup solutions, including:

External Backup Storage (FTP, SFTP, Rsync targets)
Daily Automated Backups (requires paid addon)
Snapshot-based Backups (if supported on selected VPS nodes)
Cloud Storage Backup – Amazon S3, Backblaze B2, Google Cloud, Wasabi

12.2 Customer Responsibilities

Create scheduled backups of website files, databases, and configurations.
Store backups off-site to prevent loss from hardware failure or corruption.
Regularly verify backup integrity and restoration functionality.
Maintain sufficient disk space for backup operations.

12.3 What iCoreHosting Is Not Responsible For

Loss of data due to hardware failure, user deletion, hacking, or misconfiguration.
Backups stored inside the VPS or dedicated server.
Restoration of data without an active paid backup service.
Backup failure caused by full disk, inode exhaustion, or corrupted files.

13. Sub-Hosting / Reseller Responsibilities

If you use DirectAdmin for reseller hosting, you are legally and technically responsible for the behavior, data, and actions of your downstream clients.

13.1 Core Responsibilities

You must ensure every sub-client follows iCoreHosting AUP and Malaysian laws.
You must monitor resource usage, inode growth, and disk capacity.
You must manage spam issues caused by sub-clients.
You are responsible for suspending or terminating abusive users.

13.2 Abuse & Enforcement

If a sub-client sends spam, the master reseller account may be suspended.
IP blacklisting caused by a sub-client is the reseller’s responsibility.
Repeated AUP violations may result in full account termination.

13.3 Sub-Hosting Best Practices (+ Expanded)

Create packages with reasonable limits (disk, CPU, inode).
Force all clients to use strong passwords.
Regularly review user accounts for outdated CMS versions.
Enable automatic ModSecurity rules for every new user.

14. Monitoring & Logs

Monitoring allows you to detect problems early before they become service outages.

14.1 System Logs

/var/log/messages — System activities
/var/log/secure — SSH & authentication logs
/var/log/exim/mainlog — Email issues
/var/log/httpd/ — Web server logs
/usr/local/directadmin/log/ — DA logs

14.2 Real-Time Monitoring Tools

top / htop — CPU & process monitoring
iostat — Disk performance
vmstat — Memory bottlenecks
netstat / ss — Network connections

15. Performance Optimization

15.1 Server-Side Optimizations

Use OpenLiteSpeed / LiteSpeed Enterprise for best speed.
Enable Redis Object Cache for WordPress.
Use PHP-FPM with adaptive process control.
Enable Brotli compression for faster load time.

15.2 Application-Level Optimizations

Optimize images with WebP conversion.
Use caching plugins: LSCache / WP Super Cache.
Minimize plugins and remove unused themes.
Enable Cloudflare CDN.

16. Advanced Security & Hardening

16.1 DirectAdmin Security

Enable brute force monitoring alerts.
Lock important configuration files.
Enable Two-Factor Authentication (2FA).

16.2 Firewall Configuration

Install & configure CSF (recommended).
Allow only necessary ports.
Whitelist admin IP addresses.

16.3 Website Security Enhancements

Enable ModSecurity with OWASP rules.
Install malware scanners.
Disable dangerous PHP functions.
Use WAF on Cloudflare when possible.

17. Inodes & File Usage

Inodes represent the total number of files and directories on your server. Excessive inode usage can cause websites to stop functioning, email to fail, and backups to break.

17.1 Check Inode Usage

df -i

17.2 Common Causes of Inode Overuse

Email accounts with thousands of old messages
Cache folders from WordPress/Magento
Session files in /tmp/
Backup files stored incorrectly inside user accounts

17.3 How to Reduce Inode Usage

Enable auto-purge for email Trash & Spam.
Clear WordPress caching folders regularly.
Move backups to off-site storage.
Remove old logs & temporary build files.

18. Common Misconfigurations

18.1 DNS Errors

Wrong A record
Incorrect MX record
SPF/DKIM/DMARC missing
Duplicate CNAME entries

18.2 Email Issues

IP blacklisting caused by sub-clients
SMTP ports blocked
Mail queue overload

18.3 Web Server Issues

Mismatched PHP versions
Incorrect file permissions
Incorrect .htaccess or LSCache rules

19. Responsibility Breakdown

19.1 iCoreHosting Responsibilities

Datacenter power & cooling
Network routing, connectivity & upstream providers
Hardware replacement for dedicated servers
Virtualization infrastructure for VPS
IP allocation & DDoS mitigation

19.2 Customer Responsibilities

Server OS updates
DirectAdmin updates
Application & CMS updates (WordPress, etc.)
Firewall, SSH & security hardening
Backup retention management
Email reputation & spam control
DNS record management
Sub-hosting client abuse monitoring
Compliance with Malaysian laws

19.3 Not Included

Website debugging or custom coding
CMS/plugin troubleshooting
Email marketing/bulk sending
Data recovery for accidental deletion

20. Support Information

For technical or billing support, please contact:

Support Portal: https://www.icore.com.my/support
Billing Portal: https://billing.icore.com.my

When opening a support ticket, please include:

Server hostname or IP address
Domain name
Issue description
Error message or screenshot
Time of issue
Troubleshooting steps already attempted

iCoreHosting – AlmaLinux + DirectAdmin VPS / Dedicated Server Onboarding, Security & Responsibility Guide • Version 5 Extended Edition

Knowledgebase

Categories