Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Create new WHM admin?

Discussion in 'General Discussion' started by chanklish, Jun 3, 2019.

  1. chanklish

    chanklish Well-Known Member

    Joined:
    May 22, 2015
    Messages:
    62
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    kinshasa
    cPanel Access Level:
    Root Administrator
    hello
    i want to create a new admin user for WHM other than root to disable direct root login , but the KB provided to create a user without a domain has a clear warning :
    We strongly recommend that you do not use this method to create administrative user accounts. This method can cause problems with your server configuration.

    what to do ? can i follow it ? can i use an account with a domain ( i own all the domains ) ?! if yes would this present a new security risk ?!

    How to Create a WHM Reseller Without An Associated Domain - cPanel Knowledge Base - cPanel Documentation
     
  2. GOT

    GOT Get Proactive! PartnerNOC

    Joined:
    Apr 8, 2003
    Messages:
    1,484
    Likes Received:
    187
    Trophy Points:
    193
    Location:
    Chesapeake, VA
    cPanel Access Level:
    DataCenter Provider
    I probably would not do this just for the sole purpose of denying root access.

    If you are the only one who is accessing WHM you could close the ports in the firewall and just whitelist yours.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. chanklish

    chanklish Well-Known Member

    Joined:
    May 22, 2015
    Messages:
    62
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    kinshasa
    cPanel Access Level:
    Root Administrator
    i have change the default port of ssh , denying everything except my public static ip in access host control .. is this enough ?
     
  4. GOT

    GOT Get Proactive! PartnerNOC

    Joined:
    Apr 8, 2003
    Messages:
    1,484
    Likes Received:
    187
    Trophy Points:
    193
    Location:
    Chesapeake, VA
    cPanel Access Level:
    DataCenter Provider
    if you are denying access to 2086/2087 in hosts then yes that is adequate.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. chanklish

    chanklish Well-Known Member

    Joined:
    May 22, 2015
    Messages:
    62
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    kinshasa
    cPanel Access Level:
    Root Administrator
    what do you mean ? in access host control you control which service is allowed or denied for an ip or subnet
     
  6. GOT

    GOT Get Proactive! PartnerNOC

    Joined:
    Apr 8, 2003
    Messages:
    1,484
    Likes Received:
    187
    Trophy Points:
    193
    Location:
    Chesapeake, VA
    cPanel Access Level:
    DataCenter Provider
    Ok, yes, if you restrict access to whostmgrd to just your IP then you are fine.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,529
    Likes Received:
    2,180
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @chanklish,

    Using WHM >> Host Access Control to limit access to the whostmgrd service to your own IP address is a better approach. Keep in mind you'll to connect over SSH to modify the IP address added in the /etc/hosts.allow file anytime your IP address changes.

    As far as overall security, the following document is a good place to start:

    Recommended Security Settings - cPanel Knowledge Base - cPanel Documentation

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice