Change cPanel default ports (2082-3 & 2086-7)

awlaQ

Member
Sep 21, 2014
10
0
1
cPanel Access Level
Root Administrator
Hello people.

I need to change the default ports of cPanel, user ports (secure & insecure) and of course root ones too.

I search on Google + on this forum, I could find any accurate response.

Any tutorial ?
 

awlaQ

Member
Sep 21, 2014
10
0
1
cPanel Access Level
Root Administrator
Already did change SSH default port, but there is a new exploit to root an updated server (Cpanel & OS).

This is why I need to edit Cpanel login ports.
is there any solution for a 2 fact authentification ? like SMS or something like this ?
 

JaredR.

Well-Known Member
Feb 25, 2010
1,834
23
143
Houston, TX
cPanel Access Level
Root Administrator
If you are aware of an exploit that could be used on cPanel servers, please send an e-mail to [email protected], as soon as possible. That goes directly to our security team, and they want to hear about any suspected security problem.

You can change the cPanel port by editing this line in /var/cpanel/cpanel.config:

Code:
port=2082
Then restart the cPanel service:

Code:
# /usr/local/cpanel/startup
The port= directive in /var/cpanel/cpanel.config sets the non-SSL port. The SSL port will be one higher than that (2083 instead of 2082, by default).

There is no way to change the WebHost Manager ports. No ability to change them exists in the product.
 

awlaQ

Member
Sep 21, 2014
10
0
1
cPanel Access Level
Root Administrator
About security exploit, there are 3 I am aware of, one of them allow a hacker to root the server via bandmin service, browse your website this way : /http://website.com/bandwidth and if it ask for htaccess login, you can get hacked easily.

about the Two-factor, then can do it very easily, a simple Twilio/Nexmo api and will be solved.

how about restricting access to some IPs only ? I will use a vpn to login to my accounts, do you have any tutorial please ?
 

JaredR.

Well-Known Member
Feb 25, 2010
1,834
23
143
Houston, TX
cPanel Access Level
Root Administrator
Again, please e-mail [email protected] if you think you have discovered any security problem in our product. That is the appropriate channel for reporting security concerns.

You can restrict access by IP address to the WebHost Manager, cPanel, Webmail, and other services by using Home » Security Center » Host Access Control. This is documented here:

http://documentation.cpanel.net/display/ALD/Host+Access+Control

It is not noted in the documentation, but you can also use Host Access Control to restrict access to SSH (daemon name sshd) and FTP (daemon name ftp), but only if you use ProFTPd. Pure-FTPd does not respect tcpwrappers so Host Access Control has no effect on Pure-FTPd.
 

awlaQ

Member
Sep 21, 2014
10
0
1
cPanel Access Level
Root Administrator
Thank you Jared for the support,

I will forward the exploit to cpanel team, and will try your solution about IP restrictions.

Thank you and have a good day.