Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

SOLVED Change port and deny all and still use?

Discussion in 'Security' started by Spirogg, Feb 23, 2018.

  1. Spirogg

    Spirogg Member

    Joined:
    Feb 21, 2018
    Messages:
    23
    Likes Received:
    3
    Trophy Points:
    3
    Location:
    chicago
    cPanel Access Level:
    Root Administrator
    Hi all,


    Just wondering can you go to WHM in cpanel and go to Home >Security Center > Host Access Control

    and input Access Deny ALL port 22 or whatever port you change it too and when you want to login to ssh via ssh key you could allow temporarily or will the ssh key let you login anyway if it is deny all ?



    also can you just change the port to something under 1024 and will the new port be disabled or still open and I have to close it somehow ?




    if you do add Access Deny ALL port 22 does it block the IP's from trying to hit that port so much and the firewall rules will blacklist them or can you still get hit with IP's and slow your server down ?



    PS I have cloudlinux OS Cagefs installed and Imunity360 but my port is still 22 do I just change my port to another port and it will be secure since I have cagefs and all the cloudlinux stuff ?

    Sorry for my ignorance i am a newbie at this


    Thanks so much in advance

    Spiro
     
  2. Spirogg

    Spirogg Member

    Joined:
    Feb 21, 2018
    Messages:
    23
    Likes Received:
    3
    Trophy Points:
    3
    Location:
    chicago
    cPanel Access Level:
    Root Administrator
    also how do you know if a port is available to change it to ? i've read root needs to change port and it needs to be under 1024
    but what port number can you use? with out conflicting with something else?

    thanks again

    Spiro
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,961
    Likes Received:
    1,821
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    No, if the port is blocked for all users, access is denied no matter the authentication type.

    You'd still need to use a firewall rule or the "Host Access Control" option to restrict access to the port to specific IP addresses if you wanted access restricted. You may find CSF useful for this purpose:

    ConfigServer Security & Firewall (csf)

    The "Host Access Control" feature prevents authentication, but it doesn't block the access attempt itself. You'd need to use a firewall rule to do that (See CSF in my previous answer).

    For SSH, the following thread is helpful if you want it secured:

    [Tutorial] Interested in increasing the security of your server? Read this. (sshd hardening)

    As far as overall server security, this document is a good place to start:

    Tips to Make Your Server More Secure - cPanel Knowledge Base - cPanel Documentation

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. Spirogg

    Spirogg Member

    Joined:
    Feb 21, 2018
    Messages:
    23
    Likes Received:
    3
    Trophy Points:
    3
    Location:
    chicago
    cPanel Access Level:
    Root Administrator
    thank you please mark as solved
     
    cPanelMichael likes this.
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice