Securing cPanel/WHM using URL parameters
Hi there.
I'm looking to do some security on my VPS and am wondering if it is possible to make cPanel and WHM reject any requests to load the login page if a specific url parameter is not specified (something like ?valid_request=1&referrer=thespecifiedreferred). Is this something I can do with cPanel or would I need to do that at the VPS level?
I ask about this because I'm getting the odd email from cPHulk Daemon where people are randomly brute forcing my cPanel (luckily not my WHM link), but I would definitely like to see if I can secure both portals with URL parameters (that obviously aren't known to the outside world), and a randomly generated session code if the parameters are given).
Thanks!
-
You can secure it with Two-Factor Authentication: Two-Factor Authentication - Documentation - cPanel Documentation 0 -
Hi @Infopro I'm already making use of 2FA for the WHM account, but my main cPanel account is also accessed by another user (that I trust) so I cannot use 2FA on that account. Therefore, I'd like to be able to add URL parameters to prevent people just "guessing" the cPanel link and trying to brute force the account. Thanks. 0 -
I'm not aware of any URL parameters to use for this purpose. 0 -
@Infopro My intention was to write some script that would be loaded first before the cPanel login with my own URL parameters that would be required. When I specified any parameters, the cPanel login broke, so my script would also need to have compatibility with the login form that cPanel uses. That way, people won't be able to reach the cPanel or WHM login pages at all to attempt brute forcing the accounts unless they've got a valid link to the page. 0 -
Hello, I don't believe what you are describing is supported. However, information API authentication methods is available at: ? Thank you. 0 -
@cPanelMichael Thanks for the link for the API.. Host Access Control is impossible, I am on a residential broadband package with an IP that changes on every "disconnection", so HAC would just get me locked out of the panel when the IP changes. 0
Please sign in to leave a comment.
Comments
6 comments