Hi All,
I've just become aware of Host Access Control
Host Access Control | cPanel & WHM Documentation

The documentation says:
-------------------------------------------------
Use this interface to allow or deny (block) access to the following services for specific IP addresses:
- cPanel (cpaneld)
- WHM (whostmgrd)
- Webmail (webmaild)
- Web Disk (cpdavd)
- FTP (ftpd)
- SSH (sshd)
- SMTP (smtp)
- POP3 (pop3)
- IMAP (imap)
One of the first principles of good security is "less is more", right? The fewer services that are running/accessible, the fewer potential vulnerabilities there are to exploit.
But sys admins don't want to go around denying access to services if those services are in active use.
The non-customer-centric way to work this out is to deny access to a server, see if any customers complain, and consider un-denying access if you have to (e.g. if the customer can't use an alternative service instead).
So the customer-centric way is to work out which method is best, per service (webmail, web disk, etc.), to confidently detect which is in (legitimate) active use, and which is not.
So my question to this forum is: what's the best, most authoritative method of detecting which of the above services are in active use (and which accounts are using them), per WHM server?
Reviewing log files, presumably? Specific search strings of specific log files for specific services?
Thanks in anticipation,
Ross