How to Change WHM + cPanel Ports?
So after the somewhat recent WHM hack earlier this year I need to change the port numbers for both WHM and cPanel. After I moved a year ago I discovered our new ISP was not blocking local desktop ports like the previous ISP and made several changes to layer security against bots. Since there there hasn't been a single bot request to MariaDB or Apache in my logs on my local WAMP server. I also log everything on the live server for my platform and see constant stream of dumb bots either scanning for third party vulnerabilities or just outright presuming those vulnerabilities exist and POST(ing) data right off the bat. So changing the default port numbers for both WHM and cPanel significantly reduces the attack vector. I'm sure there are "advanced" things like port sniffing/scanning but the majority of bots are dumb, lazy and looking for the quickest bang for the buck.
-
Hey there! There's no way to change the ports for the cPanel services. Like any service open to the web, you could add access restrictions through things like Host Access Control to ensure that only authorized users are able to access those areas, and that's the best recommendation I have to help secure those areas.
0 -
Hi Rex. So that's straight up not acceptable. Basic obfuscation greatly reduces hack and spam success. There are 65 thousand ports available, always using the same one makes is wildly easy to determine that WHM and/or cPanel is installed, add the server's IP to a list and continue scanning thousands of servers very quickly for vulnerabilities. I came across a thread where it was possible to change one of the ports. That needs to be restored please. Not everything needs to be a variable though a port number should always be a variable.
0 -
This has come up before in the past and at this time it's not something we plan to make adjustable on the system.
0 -
Well, can you at least please tell me where the setting is located so I can do this manually?
0 -
There isn't a setting - this is a core function of the cPanel software and not something that is designed to be changed.
0 -
Rex, I just want you to know that I'm grateful that you come out here and do your best in addressing the questions on the forums. I don't take anything you can't do as a call that you'd ultimately make.
Here is a thread from a tab a couple strongs ago that referenced a setting that previously existed:
https://support.cpanel.net/hc/en-us/community/posts/19632609839255/comments/19632603785623
With cPanel being hacked combined with whoever is running cPanel refusing to improve security that leads me directly to a non-avoidable black flag. I don't know when I'm migrating away from cPanel but it will happen. Maybe one day I will get to hire you for my support team. Thank you for trying your best in a difficult scenario.
0 -
Thanks so much for the kind words - I do try!!!
I did confirm we removed that feature quite a while ago and my own testing just now by editing /var/cpanel/cpanel.config confirms it doesn't do anything.
I spoke with the security team just now and they confirmed that the traditional "security by obscurity" isn't really the best option on modern systems, and there are many other factors on the system that would determine if a server is running cPanel & WHM that targeted attackers would quickly find.
At this time it doesn't sound like we want to reinstate this option or make that easy to change. If I thought it would get traction I'd recommend a feature request, but it seems like this isn't something they want to add.
0
Please sign in to leave a comment.
Comments
7 comments