The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How Do I Redirect "Cpanel" and "WHM" URL to something anonymous?

Discussion in 'General Discussion' started by Wabda20, Jul 10, 2011.

  1. Wabda20

    Wabda20 Member

    Joined:
    Jul 10, 2011
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Hi, recently security has become my concern. I have a site that I don't host myself, i have the site in liquidweb.com VPS service. Now everytime I want to access my WHM, i just type in mysite.com/whm

    or if i want to access cPanel, i just type in mysite.com/cpanel

    or there are specific numbers for this like mysite.com:2083 or something like that

    I really want to change these URLs as these are extremely easy to predict.

    For example, i had mysite.com/wp-admin (wordpress login page as you know), but then now if I type that URL in my browser I will get nothing. Instead, i use custom URL for the wordpress login page (like let's say mysite.com/24ffer34322). I got the script from someone else but not sure if I can do the same for cpanel/whm because it's not URL redirection related I believe.

    I generally don't feel safe with having login page in public because I think everybody already knows mysite.com/whm and mysite.com/cpanel are default URLs to gain access to everything in your site whenever you have cPanel installed in your web host.:(
     
    #1 Wabda20, Jul 10, 2011
    Last edited: Jul 10, 2011
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,472
    Likes Received:
    200
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    You cannot change this. What you can do is create a very hard to guess password though, and is suggested.

    This: mysite.com/24ffer34322 does not make your wordpress login more secure, it only makes it tougher to find. Once found if you're using a weak password, it will be logged into by someone who wants to login.

    Use the cPanel password generator and generate a nice long hard to guess at password.
     
  3. ServerMascot

    ServerMascot Member

    Joined:
    Jan 17, 2011
    Messages:
    13
    Likes Received:
    1
    Trophy Points:
    1
    Try to change the ScriptAliasMatch directive in apache conf file.

    eg: ScriptAliasMatch ^/?cpanel/?$ /usr/local/cpanel/cgi-sys/redirect.cgi

    In this the expression cpanel is matched in the URL and it is redirected according to the cPanel redirect script. You can write a script of your own to redirect and replace in place of /usr/local/cpanel/cgi-sys/redirect.cgi.

    Best Regards,
    Vaisakh B
    ServerMascot
     
  4. Wabda20

    Wabda20 Member

    Joined:
    Jul 10, 2011
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Thanks a lot, will try today and tell you the result


    Im sorry my friend but i am not that retarded. obviously i know a long password is needed. I always have a long password and I always write down EVERY of my long password on my book (instead of storing them on my computer). I still need more security though, having your login form public is actually a bit naive. I have ever got hacked ayear ago by someone whom is probably not an usual hacker. I dont know how he freakin got access to my email address but i was very sure i didnt have malware on my mac. I used mac and I even ordered a new macbook since that hacking tragedy. Unfortunately, few weeks later after he knew my another email address username, he hacked it again. So you tell me what went wrong..definitely my password was something like ijfioewjfm<iew230821312cxc??@

    but again, after becoming very anonymous (never revealed my email address to anyone, and use separate email address for each messenger account and website), he never be able to gain access to any of my site/account anymore. It proves that he never had malware on my computer, instead he could hack me by exploiting ONLY my username. That was on Yahoo email though. Now how do you think he cant get access by simply typing site.com/cpanel if he can get access to yahoo by just knowing my username? You can laugh at me and saying "such great hacker doesnt exist" but I know what I was dealing with, my friend. I am an internet marketer myself so i am sure i never click/fill in any stupid phishing form as I know internet tricks in and out
     
  5. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    I have to highly suggest using WHM > Host Access Control to allow whostmgrd access for WHM to only the IPs you are using, then block all other IPs. This way, anyone who is trying to access WHM even upon guessing the url will not be able to even load the page to try to input passwords.
     
  6. Wabda20

    Wabda20 Member

    Joined:
    Jul 10, 2011
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    thanks cPanelTristan, but how if my IP is dynamic? Let's say my IP, everytime I restart my connection, always resolve around:
    182.200.10.xx
    and 202.200.10.xx

    these "xx" numbers are always different. Sometimes 02, 03, 45, etc.

    How do I get around this? Do I need to use static IP for this?

    also can I just "allow access" to specific country IP? I am afraid if I do this and one day my connection down and at the same time I need to access my site for urgency reasons then I use another ISP (like mobile connection), then I simply unable to access my site because of this filter...
     
    #6 Wabda20, Jul 15, 2011
    Last edited: Jul 15, 2011
  7. Wabda20

    Wabda20 Member

    Joined:
    Jul 10, 2011
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    also @servermascott, how to access the apache conf file?

    plus let's say I want to redirect /cpanel to something like "/12345", how do I do that?

    you mentioend: ScriptAliasMatch ^/?cpanel/?$ /usr/local/cpanel/cgi-sys/redirect.cgi

    now what to write there to get cpanel URL to "/12345"?
     
  8. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    You wouldn't be able to allow access to a specific country's IP numbers. If you are only blocking WHM access but not root SSH access, there's no reason to be worried about being unable to get into the machine to allow extra IPs at that point. The file that handles the WHM > Host Access Control is /etc/allow.hosts file, so you could always log into root SSH and edit the file to add more IPs for whostmgrd access.

    As for adding a range of IPs, WHM > Host Access Control area will not accept a range of IP addresses. These would need to be added individually. Here's a link to our documentation talking about that area:

    Host Access Control
     
Loading...

Share This Page