The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Extra Attempt protections of Bots

Discussion in 'Security' started by inthukha, Jul 18, 2013.

  1. inthukha

    inthukha Well-Known Member

    Joined:
    Jul 17, 2013
    Messages:
    61
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Hello,

    I m in the process of VPS hardening where WHM/CPanel installed and performed all of the basic and advanced security steps.

    I want to make more secure the way where clients will access. i want to make control panel access with more security of .htaccess handled. so if client or any other freak person try to 2082 or 2086 or 2096 via browser so .htaccess ask verification code and after putting the code client will able to access Password screen.

    Please advise how can i perform this step with more smarty way? i want to know complete process of how .htaccess work upfront of those access points for verifications.

    Many thanks
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    cPanel and WHM are already password protected using a secure method. Is there a specific reason you prefer an alternate method of logging into cPanel/WHM compared to what's already implemented?

    Thank you.
     
  3. inthukha

    inthukha Well-Known Member

    Joined:
    Jul 17, 2013
    Messages:
    61
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    No, i just asking to verification. not logging into cpanel/whm.

    i just want if someone try to login cpanel or WHM he/she face .htaccess user:passowrd screen where they use custom user:password provided from "ME". and once they done they will able to login their cpanel/WHM.
     
  4. srider

    srider Registered

    Joined:
    Sep 13, 2004
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Palm Springs, CA USA
    Apache only listens on port 80 and maybe 443 in a typical configuration. Apache is the only process that uses .htaccess.

    cPanel is a separate process from Apache, this is necessary if cPanel is to monitor and control Apache. And it's a good thing.

    You can add protection against dictionary attacks on Apache and/or cPanel by installing ConfigServer CSF, a truly excellent firewall. It has an option to watch cPanel login failures and respond with a temporary or permanent IP ban. It has been working for me for many years. You will love CSF firewall, trust me.

    ConfigServer Security & Firewall
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    You can also ensure the following option is enabled for added security to cPanel/WHM login attempts:

    "WHM Home » Security Center » cPHulk Brute Force Protection"

    You can restrict access to specific services such as cPanel/WHM using Host Access Control:

    "WHM Home » Security Center » Host Access Control"

    Thank you.
     
Loading...

Share This Page