Private cPanel and WHM
Since we are a small team (just a few of us), is it possible to run WHM and cPanel out of the public eye with private access only! (we are not selling hosting so no customers).
If that is NOT possible, can we change the WHM and cPanel default ports?
-
Hi, You can use it and you can restrict all the public access if you want.. 0 -
Hi, thanks... but it's not that we want to restrict access we already do that. It's that the access is there in the first place. I thought about getting a private IP and doing it that way but it would still face the public, and a private static ip is 500 bucks so not possible. Eventually we will prob end up putting it on our ESXi server and having only inhouse access. 0 -
Hi @durangod You could use Host Access Control to limit access to WHM/cPanel to specific IP addresses. You could also implement a firewall rule to limit access to ports 2087,2086,2083,2082 to your IPs only so when someone else attempts to access over those ports they'll just get a timeout. An example iptables rule for port 2087 might be:

    iptables -A INPUT -p tcp --dport 2087 -s 1.2.3.4 -j ACCEPT
    iptables -A INPUT -p tcp --dport 2087 -j DROP

The first one here allows access over port 2087 for IP 1.2.3.4. The second rule blocks access for 2087 for all other IPs. Thanks!
0 -
ok thanks, I'll see what i can do about getting a static ip, that seems to be the only way... :) appreciate it. Can the ip be set up as a range rather than just one ip? I'm thinking i can watch my ip and see if the main octets are the same when verizon changes it. 0 -
Hi @durangod Ahh, yea that would be necessary for the Iptables rule to work. Ultimately it would be required for any sort of filtering though, your IP identifies you and it's the only way to determine whether or not you have access to something. You can definitely set up the iptables rule to a range of IP's but keep in mind when you're doing that you're allowing a range of Verizon IP's - that could equate to thousands of people. 0 -
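Added example (not part of any post in this thread, and not cPanel's own tooling): a small shell script that extends the single-port rule above to all four ports named in the thread and reports how many addresses an allowlist with a range actually admits. The allowlist values are constructed documentation addresses, and the function names are hypothetical.

```shell
#!/bin/sh
# Emit iptables rules restricting the WHM/cPanel ports named in the thread
# to an allowlist. The script only prints the rules; review them, then apply
# them as root.

PORTS="2082 2083 2086 2087"   # ports listed in the thread

# Number of IPv4 addresses covered by one entry ("a.b.c.d" or "a.b.c.d/len").
cidr_size() {
    case "$1" in
        */*) len=${1#*/} ;;
        *)   len=32 ;;
    esac
    echo $(( 1 << (32 - len) ))
}

# Total addresses admitted by a space-separated allowlist.
allowlist_size() {
    total=0
    for src in $1; do
        total=$(( total + $(cidr_size "$src") ))
    done
    echo "$total"
}

# Print ACCEPT rules for every allowlisted source, then one DROP per port.
gen_rules() {
    for port in $PORTS; do
        for src in $1; do
            echo "iptables -A INPUT -p tcp --dport $port -s $src -j ACCEPT"
        done
        echo "iptables -A INPUT -p tcp --dport $port -j DROP"
    done
}

# Constructed sample allowlist: one static address plus one /24 range.
ALLOW="203.0.113.7 198.51.100.0/24"

echo "# allowlist admits $(allowlist_size "$ALLOW") addresses"
gen_rules "$ALLOW"
```

`-A` appends, so a broader ACCEPT rule already earlier in the INPUT chain still takes precedence; check the order with `iptables -L INPUT -n --line-numbers` before relying on the DROP.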
Understood, but thousands is better than kazillions lol.... how do you eat an elephant, one bite at a time :) 0 -
I might be onto something here but maybe "not"... And the reason "not" is that what i would like to apply this to is above the public_html. So today i set up a password protected test environment via cpanel password protection feature. And when the password box displays it does not display the source page of the target until you get the password correct. This started me thinking why cant do this or something similar with whm or cpanel. Such as password protect whm and cpanel folders or the login file, so that the system can use them, however when someone types in the whm or cpanel browser access then they need to answer a password before the page ever loads. Possible? 0 -
So you want to provide a username and password dialogue in front of the page that displays a username and password dialogue? I see the motivation for not displaying the page before the first set of usernames and passwords have been successfully entered, but this is an example of security by obscurity, and my opinion is that you would be much better off limiting the logins using something like static IPs and firewall and/or host access control rules. You can set up CSF/LFD to anything down to "one strike and you're out" for login attempts, so even your legitimate users on dynamic IPs are protected. I don't recommend a "one strike" policy, it will annoy the users when they inevitably incorrectly type in their long and complex (Because you insisted on that didn't you?) passwords :-D At the end of the day, the only truly secure server is one that is encased in concrete and sits at the bottom of an ocean. 0 -
This started me thinking why cant do this or something similar with whm or cpanel.
You can:
Two-Factor Authentication for cPanel - Version 74 Documentation - cPanel Documentation
Two-Factor Authentication for WHM - Version 74 Documentation - cPanel Documentation
0 -
Thank you both.... well i dont have an ocean but i have a really nice big bass lake here in Texas.... :) This install is just mine and just for me so i am the only user that will ever be on this machine. Which is good for security but very bad when you want to blame someone else for the screw up lol :) I was just thinking hey wouldn't be nice to be able to keep the login pages for whm and cpanel from even loading unless you had a correct username and password. That would certainly cut the at least some of the mustard when it comes to security. I also tried some things from CF (cloudflare) they do have some firewall features that might help but there are two downsides, one is that they are not free (which i would pay for if they actually worked), but then the other downside is that i would have to have the hostname and whm go through CF and it does not work that way. I will look at the two factor logins, that sounds like something i need, and it works then great i can stop searching. But if not then, i keep thinking if whm and cpanel can present a browser page then there has to be a way to toss up a username and password block before that page loads, either as a bash command (such as password a linux folder) or doing so by htaccess or some other method. But ill check the 2 factor first... Thanks all 0 -
WOW that 2FA is horrible to set up if you're not used to it and slow with numbers and pressed for time as you only have so much time to put in the code. Took me about 10 tries and i ended up with a main code then xx(1) and xx(2) for my address lmao so i don't know which one to use.... but i did get it set up in WHM so I'll try it. OK it works :) 0 -
nice find rpvw, that's pretty complicated stuff though, i better not mess with that.. :) One note here, 2FA option didn't show up on my cpanel until i rebooted the server. :) 0