Skip to main content

How to Change WHM + cPanel Ports?

Comments

7 comments

  • cPRex Jurassic Moderator

    Hey there!  There's no way to change the ports for the cPanel services.  Like any service open to the web, you could add access restrictions through things like Host Access Control to ensure that only authorized users are able to access those areas, and that's the best recommendation I have to help secure those areas.

    0
  • JAB Creations

    Hi Rex. So that's straight up not acceptable. Basic obfuscation greatly reduces hack and spam success. There are 65 thousand ports available, always using the same one makes is wildly easy to determine that WHM and/or cPanel is installed, add the server's IP to a list and continue scanning thousands of servers very quickly for vulnerabilities. I came across a thread where it was possible to change one of the ports. That needs to be restored please. Not everything needs to be a variable though a port number should always be a variable.

    0
  • cPRex Jurassic Moderator

    This has come up before in the past and at this time it's not something we plan to make adjustable on the system.

    0
  • JAB Creations

    Well, can you at least please tell me where the setting is located so I can do this manually?

    0
  • cPRex Jurassic Moderator

    There isn't a setting - this is a core function of the cPanel software and not something that is designed to be changed.

    0
  • JAB Creations

    Rex, I just want you to know that I'm grateful that you come out here and do your best in addressing the questions on the forums. I don't take anything you can't do as a call that you'd ultimately make.

    Here is a thread from a tab a couple strongs ago that referenced a setting that previously existed:

    https://support.cpanel.net/hc/en-us/community/posts/19632609839255/comments/19632603785623

    With cPanel being hacked combined with whoever is running cPanel refusing to improve security that leads me directly to a non-avoidable black flag. I don't know when I'm migrating away from cPanel but it will happen. Maybe one day I will get to hire you for my support team. Thank you for trying your best in a difficult scenario.

    0
  • cPRex Jurassic Moderator

    Thanks so much for the kind words - I do try!!!

    I did confirm we removed that feature quite a while ago and my own testing just now by editing /var/cpanel/cpanel.config confirms it doesn't do anything.

    I spoke with the security team just now and they confirmed that the traditional "security by obscurity" isn't really the best option on modern systems, and there are many other factors on the system that would determine if a server is running cPanel & WHM that targeted attackers would quickly find.

    At this time it doesn't sound like we want to reinstate this option or make that easy to change.  If I thought it would get traction I'd recommend a feature request, but it seems like this isn't something they want to add.

    0

Please sign in to leave a comment.