SOLVED How to force user to use SFTP and Secure SMTP?

[sodapopinski]

Hi All,

Long time I never touch and read update about the cpanel server since resigned into hosting company on 2012.
Now my friend want me to manage his server because too many ftp account hacked through trojan horse in customer computer.

My questions are :

1. How to force customer using SFTP instead of using FTP. Do we need to turn on shell access?
2. How to force user to download and send email using secure encrypted way?

Thank you very much.

 

[Jcats]

1. How to force customer using SFTP instead of using FTP. Do we need to turn on shell access?

You can disable the FTP service via WHM > Service Manager

And then yes, you would need to enable shell access.

Too be honest though, this will increase the hackers ability to do even more damage if they are able to get the SFTP info from a trojan since they now have shell access where FTP will limit their abilities.

2. How to force user to download and send email using secure encrypted way?

In WHM > Mailserver Configuration

Set Allow Plaintext Authentication to NO

WHM > Exim Configuration Manager

Require clients to connect with SSL or issue the STARTTLS command before they are allowed to authenticate with the server. - On

 

[cPWilliamL]

Hi @sodapopinski @Jcats,

Just to be clear, SFTP access for a cPanel user doesn't require shell access when disabled via WHM. When the shell is disabled from WHM, a special shell wrapper(/usr/local/cpanel/bin/noshell) is used to allow SFTP access, without allowing full shell access. With that said, this wrapper doesn't support any custom arguments added to the SFTP subsystem configuration.

The rest of the recommendations are certainly correct though.

Thanks,

 

[sodapopinski]

Thank you very much @Jcats and @cPWilliamL . Thank you ;p

 

[cPWilliamL]

Glad to help. I'll mark this thread as solved for now.