The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

make cpHulk ignore certain services?

Discussion in 'Security' started by rudolfl, Oct 27, 2015.

  1. rudolfl

    rudolfl Member

    Joined:
    Aug 3, 2015
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Melbourne
    cPanel Access Level:
    Root Administrator
    Hi all,

    I would like cpHulk not to block access to IMAP/POP mail services.
    I only want certain PC's to be able to authenticate for cPanel, ssh, etc.., but I want to be able to check my e-mail from anywhere. At the moment, if I try to access e-mail from IP range in blackllist, I get authentication error.

    Thanks,
    Rudolf
     
  2. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    765
    Likes Received:
    20
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Host Access Control, will allow you to restrict access to Cpanel, WHM, SSH etc.
    I find that this solution works better from me than CPHulk.

    Create rules in Host Access Contol to allow IP's to the services you want to give them access to, and deny everyone else.
    Host access control will also allow subnets, so for instance my ISP at home is dynamic IP, so I have class c's configured.

    Do not blacklist your IP range in CPhulk, and this may give you the features you require.

    I can access CPANEL, WHM, SSH, FTP from work and home, but from no where else.
    No one else can access these as Host Access Control has denied it.
    I can access email from anywhere in the world.
     
    #2 keat63, Oct 27, 2015
    Last edited: Oct 27, 2015
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  4. rudolfl

    rudolfl Member

    Joined:
    Aug 3, 2015
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Melbourne
    cPanel Access Level:
    Root Administrator
    I often use my mobile to access e-mails. It is not practical to white list IP ranges of mobile operators.
    In addition, I travel to China often. And all of China IPs' are blocked by cpHulk, as I see lots of hack attempts from there. I would still like to access my e-mails when I travel.

    Rudolf
     
  5. rudolfl

    rudolfl Member

    Joined:
    Aug 3, 2015
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Melbourne
    cPanel Access Level:
    Root Administrator
    Just a thought -- is there a way to "whitelist" a device rather than IP?
    Perhaps by exchanging security keys. I always use same PCs/phone to log in.

    Thanks,
    Rudolf
     
  6. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    765
    Likes Received:
    20
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    I can access my emails from anywhere in the world.
    However, services like WHM, SSH, FTP & Cpanel are restricted to just a handful of IP's.
     
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    There's no such feature, but you are welcome to submit a feature request for this via:

    Submit A Feature Request

    Thank you.
     
  8. rudolfl

    rudolfl Member

    Joined:
    Aug 3, 2015
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Melbourne
    cPanel Access Level:
    Root Administrator
    I assume you blacklisted all IPs and whitelisted the ones that are allowed in.
    In my case, attempt to login to check e-mails fail when done from blacklisted IP. Perhaps e-mail authentication should be configured differently?

    Thanks,
    Rudolf
     
  9. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    765
    Likes Received:
    20
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    I have no IP blacklist for emails.

    However, I do have a csf rule for failed email logins which is 3 attempts and your ip is blacklisted.
    This works great, with my current csf blacklist file being about 5-6 weeks before rotation.
    In effect blacklisting for about 6 weeks before they get another go.
    Whilst to anyone outside of my environment might think that this is suicidal, there is method in my madness.

    All my email users are office based with no requirement for webmail, and no access to change anything within thier email client.
    So in theory, they can never get the email password wrong.
    Besides, if they did, our static IP is whitelisted anyway so no one else would be affected.
    The bosses have mobile email on thier phones/laptops/tablets, but none of them are not tech savvy enough to know that they even have a password, which just leaves little old me as the single point of failure.

    In Host Access Control I have the following entries (assume xxx is an ip address)

    All xxx.xxx.xxx.xxx Allow
    All xxx.xxx.0.0/255.255.0.0 Allow (this is my home isp dynamic rance of ip's)
    All All Deny

    plus a few other entries for cpanel techs and my datacentre staff
     
Loading...

Share This Page