The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Securing whm (dns-only)

Discussion in 'Bind / DNS / Nameserver Issues' started by ManuelT, Jun 9, 2009.

  1. ManuelT

    ManuelT Well-Known Member

    Joined:
    Sep 30, 2005
    Messages:
    55
    Likes Received:
    0
    Trophy Points:
    6
    just trying to properly secure a new installation of cpanel DNS only and wanted to check.


    1. Is stopping the external mySQL port 3306 ok via adding skip-networking to /etc/my.cnf as I couldn't find much about it.
    2. how can i stop people logging on over insecure ports :2086

    Many thanks in advance.
     
  2. chinmay

    chinmay Well-Known Member

    Joined:
    Jul 22, 2008
    Messages:
    101
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    localhost
    If you do not want the ports 2086 and 3306 accessible, you can block the ports in the server firewall (preferably csf).
     
  3. ManuelT

    ManuelT Well-Known Member

    Joined:
    Sep 30, 2005
    Messages:
    55
    Likes Received:
    0
    Trophy Points:
    6
    Why would I want to firewall a service that I can switch off. Firewalls are great but they shouldn't be used as a replacement for good systems admin.

    As i said i already had switched 3306 off by using skip-networking
    How do i disable port 2086 without using a firewall
     
  4. PlatinumServerM

    PlatinumServerM Well-Known Member
    PartnerNOC

    Joined:
    Jul 10, 2005
    Messages:
    397
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    New Jersey, USA
    cPanel Access Level:
    Root Administrator
    Specifically regarding port 2086, that is standard and hardcoded into whm. There is no separate way to shut off the port for whm. Blocking it in the firewall should be sufficient and would block all accesses to that port.
     
  5. chinmay

    chinmay Well-Known Member

    Joined:
    Jul 22, 2008
    Messages:
    101
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    localhost
    yep.. firewall's are the best options to block the ports which are standard and hardcoded.
     
Loading...

Share This Page