make cpHulk ignore certain services?

rudolfl

Member
Aug 3, 2015
11
0
1
Melbourne
cPanel Access Level
Root Administrator
Hi all,

I would like cpHulk not to block access to IMAP/POP mail services.
I only want certain PC's to be able to authenticate for cPanel, ssh, etc.., but I want to be able to check my e-mail from anywhere. At the moment, if I try to access e-mail from IP range in blackllist, I get authentication error.

Thanks,
Rudolf
 

keat63

Well-Known Member
Nov 20, 2014
1,916
263
113
cPanel Access Level
Root Administrator
Host Access Control, will allow you to restrict access to Cpanel, WHM, SSH etc.
I find that this solution works better from me than CPHulk.

Create rules in Host Access Contol to allow IP's to the services you want to give them access to, and deny everyone else.
Host access control will also allow subnets, so for instance my ISP at home is dynamic IP, so I have class c's configured.

Do not blacklist your IP range in CPhulk, and this may give you the features you require.

I can access CPANEL, WHM, SSH, FTP from work and home, but from no where else.
No one else can access these as Host Access Control has denied it.
I can access email from anywhere in the world.
 
Last edited:

rudolfl

Member
Aug 3, 2015
11
0
1
Melbourne
cPanel Access Level
Root Administrator
I often use my mobile to access e-mails. It is not practical to white list IP ranges of mobile operators.
In addition, I travel to China often. And all of China IPs' are blocked by cpHulk, as I see lots of hack attempts from there. I would still like to access my e-mails when I travel.

Rudolf
 

keat63

Well-Known Member
Nov 20, 2014
1,916
263
113
cPanel Access Level
Root Administrator
I can access my emails from anywhere in the world.
However, services like WHM, SSH, FTP & Cpanel are restricted to just a handful of IP's.
 

rudolfl

Member
Aug 3, 2015
11
0
1
Melbourne
cPanel Access Level
Root Administrator
I can access my emails from anywhere in the world.
However, services like WHM, SSH, FTP & Cpanel are restricted to just a handful of IP's.
I assume you blacklisted all IPs and whitelisted the ones that are allowed in.
In my case, attempt to login to check e-mails fail when done from blacklisted IP. Perhaps e-mail authentication should be configured differently?

Thanks,
Rudolf
 

keat63

Well-Known Member
Nov 20, 2014
1,916
263
113
cPanel Access Level
Root Administrator
I have no IP blacklist for emails.

However, I do have a csf rule for failed email logins which is 3 attempts and your ip is blacklisted.
This works great, with my current csf blacklist file being about 5-6 weeks before rotation.
In effect blacklisting for about 6 weeks before they get another go.
Whilst to anyone outside of my environment might think that this is suicidal, there is method in my madness.

All my email users are office based with no requirement for webmail, and no access to change anything within thier email client.
So in theory, they can never get the email password wrong.
Besides, if they did, our static IP is whitelisted anyway so no one else would be affected.
The bosses have mobile email on thier phones/laptops/tablets, but none of them are not tech savvy enough to know that they even have a password, which just leaves little old me as the single point of failure.

In Host Access Control I have the following entries (assume xxx is an ip address)

All xxx.xxx.xxx.xxx Allow
All xxx.xxx.0.0/255.255.0.0 Allow (this is my home isp dynamic rance of ip's)
All All Deny

plus a few other entries for cpanel techs and my datacentre staff