I searched so I apologize if this is somewhere else ---
Okay,
So those of us with dedicated servers have all been good boys & girls right?
We disabled Telnet -
We disabled SSH1
We disabled Root Login (SSH)
Some of us even disabled standard IP login from SSH and routed it to a different IP.
Even some of us went further and changed the SSH port all together to some obscure port.
Okay, now that we are all paranoid and sit in the dark waiting for "them" to come get us (yes, me included) here is my question -
We did all of this great stuff, however cPanel still allows root login. If someone tried a dictionary attack/brute force attack against cPanel login, they would have a chance at getting our root password.
Does anyone know of a way to block root login for cPanel? (Obviously this could cause issues like what we had with the new license agreement but I believe root login still should "go away" from cPanel also.)
Suggestions? Thoughts?
Can you disable root login (WHM) but allow the regular scripts to run as root as needed?
(Please note that I am not talking about SSH Root login, but logging in as root in WHM)
Thanks!
Okay,
So those of us with dedicated servers have all been good boys & girls right?
We disabled Telnet -
We disabled SSH1
We disabled Root Login (SSH)
Some of us even disabled standard IP login from SSH and routed it to a different IP.
Even some of us went further and changed the SSH port all together to some obscure port.
Okay, now that we are all paranoid and sit in the dark waiting for "them" to come get us (yes, me included) here is my question -
We did all of this great stuff, however cPanel still allows root login. If someone tried a dictionary attack/brute force attack against cPanel login, they would have a chance at getting our root password.
Does anyone know of a way to block root login for cPanel? (Obviously this could cause issues like what we had with the new license agreement but I believe root login still should "go away" from cPanel also.)
Suggestions? Thoughts?
Can you disable root login (WHM) but allow the regular scripts to run as root as needed?
(Please note that I am not talking about SSH Root login, but logging in as root in WHM)
Thanks!