Blocking logins but not emails
To further secure root login access to my server, I configured CPHulk to blacklist the entire IP range, then whitelist only a small number of addresses from which logins would be allowed. I thought this controlled logins to WHM and cPanel, controlling administrative access to the server. However, it apparently also forbids personnel on the road from accessing their email accounts, which I did not intend to restrict.
Is there any way to "do what I want" -- lock down administrative access portals while not locking down user access portals?
-
Have you given thought to set up ssh key-based login and disable the password authentication for the SSH?
One, that sounds way out of my comfort zone (I'm barely a hedge wizard); and two, it sounds like something that might seriously inconvenience my hosting provider. 12 hours after doing what I already did, I found my sparse whitelist populated with an additional ~30 IPs/ranges resolving to their own networks and outsourced techs in India.0 -
You can use Host Access Control more details can be found at the below URL
Thank you, this looks promising. How does it interact with CPHulk? Do I need to remove my CPHulk rules after I do this, to avoid contradictions?0 -
Yes, remove the cPHulk rules. 0 -
Thanks @kodeslogic ! 0
Please sign in to leave a comment.
Comments
5 comments