Blocking logins but not emails

[Macs R We]

To further secure root login access to my server, I configured CPHulk to blacklist the entire IP range, then whitelist only a small number of addresses from which logins would be allowed. I thought this controlled logins to WHM and cPanel, controlling administrative access to the server. However, it apparently also forbids personnel on the road from accessing their email accounts, which I did not intend to restrict.

Is there any way to "do what I want" -- lock down administrative access portals while not locking down user access portals?

 

[kodeslogic]

You can use Host Access Control more details can be found at the below URL

Host Access Control | cPanel & WHM Documentation

Use this interface to allow, reject, or drop access to services for specific IP addresses.

docs.cpanel.net

 

[Macs R We]

Have you given thought to set up ssh key-based login and disable the password authentication for the SSH?

One, that sounds way out of my comfort zone (I'm barely a hedge wizard); and two, it sounds like something that might seriously inconvenience my hosting provider. 12 hours after doing what I already did, I found my sparse whitelist populated with an additional ~30 IPs/ranges resolving to their own networks and outsourced techs in India.

 

[Macs R We]

You can use Host Access Control more details can be found at the below URL

Thank you, this looks promising. How does it interact with CPHulk? Do I need to remove my CPHulk rules after I do this, to avoid contradictions?

 

[kodeslogic]

Yes, remove the cPHulk rules.

 

[cPRex]

Thanks @kodeslogic !