One of the common problems when managing WHM/cPanel-based hosting is being blacklisted from WHM/cPanel by the cPHulk plugin. cPHulk is activated by default on WHM (if you choose Yes during initial setup) and serves as blacklist software, just like Fail2ban or DenyHosts, to protect logon services from spammers/crackers.
The problem is that cPHulk sometimes cannot tell normal access from abusive access. Consequently, even our legitimate IP could be blacklisted, or we could be unable to log in as root due to too many failures. 🙁 Why? Because a cracker will keep trying random passwords, and cPHulk will automatically reject root logins after a few failed login attempts.
In addition to closing the recommended port, there is also an easy way to anticipate this kind of problem: limiting access to WHM, i.e. protecting access to the WHM login page. To do so, follow this procedure:
- Go to the WHM login page and log in with your user name and password
- In the Security Center group menu, click the Host Access Control menu
- Under Daemon, select the Whostmgrd daemon, which is the daemon application for WHM. We can also choose to protect the SSH (SSHD) daemon or the CPaneld daemon for cPanel.
- In the Access List, enter the IP or IP range that is allowed access. Write out the full subnet: for example, for network segment 188.8.131.52/29, enter the IP as 184.108.40.206/255.255.255.248. Configuring it as 220.127.116.11/29 will not work because WHM only accepts the full network subnet. If you ask me why to use 18.104.22.168/255.255.255.248 and not 22.214.171.124/255.255.255.248 instead, then you should take an IP subnet course 😛
- In the Action section select “Allow”
- Do the same for any other IP segment that should be allowed
- At the bottom, select Daemon = Whostmgrd, Access List = ALL and Action = Deny. This means that any IP other than the registered ones will not be allowed
- When finished, click “Save Host Access List”
- Test WHM access from an allowed IP and from an IP outside the registered list
For those who are accustomed to dealing with Linux servers, the above process basically limits access by adding rules to the file /etc/hosts.allow 🙂
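The sketch below is an added example, not part of the original post. It converts CIDR input into the network/netmask form the procedure asks for, renders the resulting allow rules plus the final deny-all in hosts_options(5) syntax, and evaluates them first-match so you can check an IP before saving. The addresses are constructed documentation ranges, the function names are hypothetical, and the exact line layout WHM writes is an assumption.

```python
import ipaddress

def to_netmask_form(cidr):
    """Return 'network/netmask' for a CIDR string, clearing any host bits."""
    net = ipaddress.ip_network(cidr, strict=False)
    return f"{net.network_address}/{net.netmask}"

def build_rules(daemon, allowed_cidrs):
    """Allow rules first, then the catch-all deny, in the order entered in WHM."""
    rules = [(daemon, to_netmask_form(c), "allow") for c in allowed_cidrs]
    rules.append((daemon, "ALL", "deny"))
    return rules

def render(rules):
    """Format rules as hosts.allow lines (assumed layout, hosts_options(5) syntax)."""
    return [f"{d} : {acl} : {action}" for d, acl, action in rules]

def decide(rules, daemon, client_ip):
    """First matching rule wins; only hosts.allow is modelled, so no match = allow."""
    ip = ipaddress.ip_address(client_ip)
    for d, acl, action in rules:
        if d != daemon:
            continue
        if acl == "ALL" or ip in ipaddress.ip_network(acl):
            return action
    return "allow"

# Constructed sample input: an office /29 given as a host address, plus a VPN /24.
RULES = build_rules("whostmgrd", ["192.0.2.10/29", "198.51.100.0/24"])

if __name__ == "__main__":
    print("\n".join(render(RULES)))
    for ip in ("192.0.2.14", "192.0.2.16", "203.0.113.5"):
        print(ip, "->", decide(RULES, "whostmgrd", ip))
```

Note that the deny-all rule only covers the daemon it names: a service with no rule of its own, such as sshd here, stays reachable from any address.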