What will you do if you locked out yourself from whm & cpanel?
Hello guys,
I'm going to restrict access to WHM & cPanel for my static IP only. I'm wondering, what should I do if I accidentally locked out myself? because sometimes I have downtime with my broadband provider, so I won't be able to access the internet through my static IP. Is there is any other way, through ssh maybe to remove that lock?
Thank you in advance :)
-
If you're using host access control, then per Yet another approach would be to use a dynamic DNS hostname along with specific rules ( tcp|in|d=22|s=this.hostnamefollowsme.com ) All have their up and downsides. You don't mention if this is a VPS or a dedi, but ideally you'd have access to either console or kvm access to save your bacon in the case of something going completely wrong, that'll depend on your provider though :) 0 -
Thank you for your reply, What I've done is that I added my IP in the csf.allow, and then removed WHM, cPanel & Webmail services' ports from the TCP_IN. I'm not sure what I will do when I get locked out due to internet connection problems and my IP changed. Is there is a command line to reset the TCP_IN to defaults? or to add the removed ports? Many thanks :) 0 -
It is not enough to add IPs to "csf.allow" you can be blocked, look here: [url=http://www.configserver.com/techfaq/faqlist.php?catid=6&faqid=3]ConfigServer.Com Technical FAQ - cPanel Server Management The best way is to use SSH to login with keys and you'll never have problems. If your IP is changed (dynamic not static) you can create a bash script who will check inside your main account (cpanel account) (on cron) for 2 txt files: 1. where you put inside your IP that have to be white listed, will be append to csf.allow / csf.ignore; 2 . where you put inside your IP that have to be removed from white listed, will be removed from csf.allow / csf.ignore; So like this you can add or remove the ip from white list without accessing WHM or in a case that you are blocked. This is just one idea but can be more, and more complex. Regards 0 -
Hello :) Yes, ideally you should have console or KVM access if this is a dedicated server. This way you can always enable/disable services or allow IP addresses in the event your server is unresponsive or has locked you out. Thank you. 0
Please sign in to leave a comment.
Comments
4 comments