The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Securing cPanel - WHM

Discussion in 'General Discussion' started by wonker, Jun 29, 2008.

  1. wonker

    wonker Active Member

    Joined:
    Dec 5, 2007
    Messages:
    29
    Likes Received:
    2
    Trophy Points:
    3
    Hello, I've just completed all the steps here : http://blog.cpanel.net/?p=60

    However there is still on thing that doesn't seem very secure ... :

    Logging into WHM with root user and simple password !

    It's all very well securing SSH as it recieves the most password attacks however what is the best way to secure WHM? I don't like logging into WHM with root user... Is there a way to disallow root logins on WHM giving another user the rights, or is it possible to also use RSA keys or similar for logging into WHM?

    Thanks in advance :)
     
  2. SpiritAu

    SpiritAu Active Member

    Joined:
    Feb 23, 2003
    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Aussie Land!
    Create an account say admin.com and username admin than setup that as a reseller with root pervious and problem solved :)

    Otherwise force WHM to redirect to the SSL location and any username/password data will be sent over 256bit SSL.
     
  3. C4talyst

    C4talyst Well-Known Member

    Joined:
    Jun 21, 2008
    Messages:
    56
    Likes Received:
    0
    Trophy Points:
    6
    Good solution, thank you Spirit.
     
  4. wonker

    wonker Active Member

    Joined:
    Dec 5, 2007
    Messages:
    29
    Likes Received:
    2
    Trophy Points:
    3
    Thankyou,

    That saves me from logging in as root, but does not stop someone else from signing in as root.

    Is there a was to disallow root login to cPanel, a bit like with SSH?
     
  5. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,453
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    cPHulk in Security Section of WHM can help, this can help even more:
    http://www.configserver.com/cp/csf.html

    Limiting the number of failed login attempts is a great suggestion to run with there.
     
Loading...

Share This Page