One way I can think of doing this is using Host Access Control in the WHM interface.I tried searching on Google and here but did not find a way to do this yet. Is it possible to restrict access to WHM by IP address? Only allowing IP's from my country/state and denying all other world IP's?
Daemon Access List Action Comment whostmgrd YourIP allow whostmgrd all deny
This issue looks like it will be best addressed by the Security Policy functionality we are introducing in 11.26 (currently designated 11.25.1).Hello,
Thank you for your answer.
And this should restrict the access to whm ONLY for root?
I don't want the other users/resellers to be affected.
For this I would also recommend adding the following option and store security questions and answers as encrypted values or have the ability to disable this option. As the secret question is now becoming a problem due to it being the same thing for many services and easier to guess by social engineering then a password is now.
2. Have a list of cPanel,WHM, FTP, SFTP/SSH logins in the Security Center (label it Login Logs) for the system administrators. Maybe having an option to clear the logs after x amount of months but nothing set by default.Attention [username],
An attempt to login to your account from the following address was not allowed due to the address not being on your whitelist.
To authorize the IP to login to your account please use the following link:
If this is an unauthorized iP please contact support and report the issue.