Securing cPanel - WHM

**wonker** · 06-29-2008 08:45 AM

Hello, I've just completed all the steps here : http://blog.cpanel.net/?p=60

However there is still on thing that doesn't seem very secure ... :

Logging into WHM with root user and simple password !

It's all very well securing SSH as it recieves the most password attacks however what is the best way to secure WHM? I don't like logging into WHM with root user... Is there a way to disallow root logins on WHM giving another user the rights, or is it possible to also use RSA keys or similar for logging into WHM?

Thanks in advance

**SpiritAu** · 06-29-2008 08:58 AM

Create an account say admin.com and username admin than setup that as a reseller with root pervious and problem solved

Otherwise force WHM to redirect to the SSL location and any username/password data will be sent over 256bit SSL.

**C4talyst** · 06-29-2008 09:28 AM

Good solution, thank you Spirit.

**wonker** · 06-29-2008 10:06 AM

Thankyou,

That saves me from logging in as root, but does not stop someone else from signing in as root.

Is there a was to disallow root login to cPanel, a bit like with SSH?

**Infopro** · 06-29-2008 11:38 AM

cPHulk in Security Section of WHM can help, this can help even more:
http://www.configserver.com/cp/csf.html

Limiting the number of failed login attempts is a great suggestion to run with there.

LinkBack

Thread Tools

Securing cPanel - WHM

Securing a new cPanel server, suExec, suPHP etc

Securing Apache in cPanel

Securing whm (dns-only)

Securing Cpanel Server

Securing a cpanel box