Skip to main content

Protections in addition to CP Hulk

Comments

7 comments

  • acenetgeorge
    1) A firewall such as csf would be helpful, but it looks like you are not set up to run iptables. 2) blacklisted IP addresses are completely blocked. That they are 'attempted' hacks means you are catching some of them. I would start by disabling WHM for users, unless you have resellers. You can do this by only allowing your IPs to access whostmgrd under Host Access Control.
    0
  • lossless
    Thank you George!
    0
  • cPanelMichael
    Hello, Yes, as mentioned, the "Host Access Control" option is a good idea if you have a specific set of IP addresses that you want to allow access to. The option allows you to allow those IP addresses and block all others for specific services. Thank you.
    0
  • lossless
    OK, set Host Access Control to just allow 4 IP addresses. So now at least we're not seeing anyone trying to get in with root access. Small success - thanks! Please bear with me on two+ follow up questions... we're still seeing about 25+ attempts per day - but now they are all on pure-ftpd, exim, cpaneld and pop3. Any suggestions besides CP Hulk? Would it make sense to whitelist our 4 ip addresses and then deny access to cpanel, ftp etc. for all other IP's in the host manager? Is there anything in there that would cause problems if I "deny" access to everything but these IP's? I assume if we denied all IP's, I'd have to whitelist our emailer provider's (Gmail) IP? Last, it seems we have courier, so CPHulk may not work vs. on Dovecot? Short of switching servers (which I'm becoming inclined to do), do you have any other suggestions? Thanks again for all your advice.
    0
  • cPanelMichael
    Hello, 1. I suggest enabling it for FTP, cPanel, POP3, IMAP, but not for Exim (it's not even an option). Note that to control access to the ftpd daemon, you must use the ProFTPD FTP server. Pure-FTP does not support TCP wrappers. 2. To control access to the POP3 or IMAP services, you may use either the Courier or Dovecot mail servers. However, I suggest using Dovecot, as it's what's installed by default and it's recommended for use with cPanel over Courier. Thank you.
    0
  • lossless
    Done! Last question (at least for now)... do I need to whitelist gmail and hotmail servers to have POP access via gmail and hotmail? Am wondering if I set POP3 to "deny all" whether it will deny access from those IP's. Thanks again!!!
    0
  • cPanelMichael
    Done! Last question (at least for now)... do I need to whitelist gmail and hotmail servers to have POP access via gmail and hotmail? Am wondering if I set POP3 to "deny all" whether it will deny access from those IP's. Thanks again!!!

    Yes, you should whitelist any IP address that you want to access POP3 or IMAP. Note that if you plan to use Google or Hotmail to access your server with POP3 or IMAP, then you will need to whitelist a broad range of IP addresses that they use to connect with. Thank you.
    0

Please sign in to leave a comment.