Disable site.com/whm and site.com/cpanel

MrAndreas

I have a dedicated server with 3 IP addresses and only use one dedicated IP for my website. The main IP address is used for WHM and is not connected to the site.

Now the question arose since I got too many notifications about people trying to crack my WHM password, 5-20 attempts like every day now. I need to disable site.com/whm and site.com/cpanel and only be able to log in to WHM from the main IP address.

E.g.
whm - 201.220.11.59
site.com - 201.220.11.2
not used - 201.220.11.101

So I want to only be able to access WHM like this: 201.220.11.59/whm

Or it can be any other trick, as long as the statement below is true.
When someone goes to:

201.220.11.2/whm
201.220.11.2:cpanel
201.220.11.2:2087
201.220.11.2:2083

201.220.11.101/whm
201.220.11.101/whm
201.220.11.101:2087
201.220.11.101:2083

should lead to NOWHERE.

The logic behind this is that no one knows about 201.220.11.59, since it does not have any website on it.

P.S. The IP is fake, obviously.
P.P.S. I would maybe just change the port of cPanel if there were no /whm and /cpanel shortcuts.
 

cPanelTristan

Quality Assurance Analyst
Staff member
You could place entries into iptables to block the cPanel and WHM ports for the other IPs on the machine (please try Google searches for how to block specific ports on a specific IP).

You could use the suggestions in this thread to remove the cpanel and whm ScriptAliasMatch lines and to change the cPanel port:

http://forums.cpanel.net/f5/ask-rename-cpanel-whm-become-newname-226501.html#post933932

I further mention such changes at this location:

http://forums.cpanel.net/f185/moving-default-cpanel-whm-locations-avoid-directory-scanners-248251.html#post1037321
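
The iptables approach suggested in the reply above, as an added example that is not part of the original thread or cPanel's own tooling: a script that prints (and, with APPLY=1 as root, inserts) DROP rules for the panel ports on every IP except the management one, and refuses to block the management IP. It uses the poster's fake sample IPs; ports 2082 and 2086 (the non-SSL cPanel and WHM ports) are added alongside the 2083 and 2087 named in the question, and the function and variable names are hypothetical.

```sh
#!/bin/sh
# Added example, not from the thread. IPs are the poster's fake sample addresses.
MGMT_IP="${MGMT_IP:-201.220.11.59}"                     # only IP that keeps WHM/cPanel
OTHER_IPS="${OTHER_IPS:-201.220.11.2 201.220.11.101}"   # IPs that must lead nowhere
# 2083/2087 are named in the thread; 2082/2086 are the non-SSL counterparts.
PANEL_PORTS="${PANEL_PORTS:-2082,2083,2086,2087}"

# Emit one rule specification (everything after "iptables -I") per blocked IP.
# Fails if the management IP is in the block list, to avoid locking yourself out.
panel_rule_specs() {
    for ip in $OTHER_IPS; do
        if [ "$ip" = "$MGMT_IP" ]; then
            echo "refusing to block management IP $ip" >&2
            return 1
        fi
        echo "INPUT -d $ip -p tcp -m multiport --dports $PANEL_PORTS -j DROP"
    done
}

# Dry run by default: print the commands that would be run.
# With APPLY=1 (as root), insert each rule unless an identical rule
# already exists (checked with iptables -C), so re-running is harmless.
block_panel_ports() {
    specs=$(panel_rule_specs) || return 1
    echo "$specs" | while IFS= read -r spec; do
        if [ "${APPLY:-0}" = "1" ]; then
            # $spec is left unquoted on purpose so it splits into arguments
            iptables -C $spec 2>/dev/null || iptables -I $spec
        else
            echo "iptables -I $spec"
        fi
    done
}

block_panel_ports
```

Rules inserted this way do not survive a reboot until they are saved with the distribution's iptables save mechanism, and they only cover the panel ports, so the /whm and /cpanel URLs on port 80 still need the Apache change described in the linked threads.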
 

cPanelTristan

Did you run the following commands afterwards?

Code:
/usr/local/cpanel/bin/apache_conf_distiller --update
/scripts/rebuildhttpdconf
/etc/init.d/httpd restart
Apache must be restarted in order for the URLs to no longer allow the redirection. You might also want to restart cPanel (/etc/init.d/cpanel restart).

Of note, I didn't suggest commenting out the lines in my linked replies. I suggested removing them.