Skip to main content

WHM with CSF

Comments

3 comments

  • cPanelMichael
    Hello, I recommend configuring SSH on a different port to reduce the number of brute force attempts. We have a guide on this at: How to Secure SSH - cPanel Knowledge Base - cPanel Documentation Regarding CSF configuration, the following document offers a list of ports you may want to block in your CSF configuration: How to Configure Your Firewall for cPanel Services - cPanel Knowledge Base - cPanel Documentation Host Access Control is useful for controlling access to services where the port must remain open (e.g. cPanel, WHM, Webmail). Thus, if you wanted to only allow access to cPanel from specific IP addresses, you could use Host Access Control for that purpose. It's documented at: Host Access Control - Documentation - cPanel Documentation Thank you.
    0
  • webcto
    Thank you Michael - very useful links. I have already studied them :-) That's is why this question came up. Just to re-confirm: CSF could be considered as the 'first layer' of protection and Host Access Control (HAC) as 2nd? For example, if host control allows ssh port (i.e. 26) exclusively for a root's IP (x.x.x.x) but CSF keeps the port (i.e. 26) open as TCP_In/Out the attacks will follow and CSF shall be tracking them down? Or will the Host Access Control refuse the attacker to use the service (because the attacked is not in the list of (HAC)? Or will both events happen? And the other case would be: If CSF blocks the 22 totally (not in TCP_IN/OUT) list and WHM HAC does allow a root's IP (x.x.x.x) to use sshd while sshd is configured to 22nd port. Will root's IP (x.x.x.x) be in position to use sshd (presumably not as CSF will block all in/out to that port). Thanks a lot!
    0
  • cPanelMichael
    Hello, I wouldn't necessarily say CSF is a first layer of protection and Host Access Control is a second layer of protection. Each can somewhat do the same thing, but in different ways. The following third-party URL offers a good explanation of the differences: What is the difference between securing a linux box using hosts.[allow|deny] vs iptables? Thanks!
    0

Please sign in to leave a comment.