The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Protecting cpanel login

Discussion in 'General Discussion' started by numi, Jul 26, 2006.

  1. numi

    numi Registered

    Joined:
    Jul 26, 2006
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    At the moment with cpanel, anyone on the web can type

    www.domain.com/cpanel
    www.domain.com/whm
    www.domain.com/webmail

    This makes it easier for hackers and snoopers to try and access the backend of the site.

    Is there a way to protect a site's cpanel both when cpanel is used on a dedicated as well as shared hosting account, by restrictions in php.ini or .htaccess file so that
    - access to cpanel URL is restricted by IP or something similar, or specifying a custom login area.

    When cpanel is configured, www.domain.cpanel is moreless a redirect to www.domain.com:2082 (or 2083:) but how can this be set so that in any environment including shared accounts, someone without the right IP address cannot see anything when such is typed in?

    Either using modrewrite, or other commands in php.ini or .htaccess or simply having a script that can be placed into each user's account so that if they want to prevent access to cpanle, this can be done.

    Note that unlike preventing access to folders, for shared account users, they cannot prevent access to cpanel in the same way, because it is is not a folder but a port and cpanel simply redirects one to that port.

    This will help make more sites a bit more secure from snoopers
     
  2. Edizon

    Edizon Well-Known Member

    Joined:
    Feb 18, 2003
    Messages:
    90
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    AZ
    Go into the "tweak settings" in "Server Configurations" in WHM. Scroll almost to the bottom in the System fieldset and check

    Disable Http Authentication for cPanel/WebMail/WHM Logins (forces cookie authentication)

    Have a good day
     
  3. numi

    numi Registered

    Joined:
    Jul 26, 2006
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Thanks,

    What happens after blockking http authentication in WHM? How do i restrict access by cookie - as i am used to restriction only by url or IP
     
  4. fwwebs

    fwwebs Well-Known Member

    Joined:
    Feb 16, 2004
    Messages:
    329
    Likes Received:
    0
    Trophy Points:
    16
    You can remove these from your httpd.conf. It will force the use of port numbers.
    Code:
    ScriptAlias /cpanel /usr/local/cpanel/cgi-sys/redirect.cgi
    ScriptAlias /whm /usr/local/cpanel/cgi-sys/whmredirect.cgi
    ScriptAlias /securewhm /usr/local/cpanel/cgi-sys/swhmredirect.cgi
    ScriptAlias /webmail /usr/local/cpanel/cgi-sys/wredirect.cgi
    ScriptAliasMatch ^/webmail/(.*) /usr/local/cpanel/cgi-sys/wredirect.cgi
    ScriptAliasMatch ^/kpanel/(.*) /usr/local/cpanel/cgi-sys/redirect.cgi
    ScriptAlias /controlpanel /usr/local/cpanel/cgi-sys/redirect.cgi
    ScriptAlias /securecontrolpanel /usr/local/cpanel/cgi-sys/sredirect.cgi
     
  5. JC

    JC Well-Known Member

    Joined:
    Nov 6, 2002
    Messages:
    78
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Wont work.
    /scripts/upcp will restore them :)
     
Loading...

Share This Page