For cPanel & WHM 54
(Home >> Security Center)
This section of WHM allows you to improve the security on your server.
Apache mod_userdir Tweak — This interface allows you to configure Apache's
mod_userdir
module. This module enables access to a website through a URL that uses thehttp://hostname/~username
format.Note:
We recommend that you restrict this type of access because it allows users to circumvent bandwidth limits.
Compiler Access — This interface allows you to enable or disable compiler access for unprivileged users. Many common attacks require a functional C or C++ compiler on the server.
Note:
Disable these compilers to ensure a more secure server.
- Configure Security Policies — This interface allows you to configure security measures for your server and your account.
- cPHulk Brute Force Protection — This interface allows you to configure cPHulk. cPHulk helps defend your server against brute force attacks. Brute force attack methods involve the use of an automated system to guess your web server's or services' password.
- Host Access Control — This interface allows you to allow or deny clients' access, based on their IP addresses, to specific services.
- Manage External Authentications — This interface allows you to manage the OpenID-compliant authentication providers that your server's users can use to log in to cPanel.
- Manage root's SSH Keys — This interface allows you to add, import, and control SSH keys on your server. The system divides your keys into public and private key sets in two separate lists.
- Manage Wheel Group Users — This interface allows you to add or remove users from the wheel group. The wheel group contains specific users who can execute the
su
command, which allows the user to gainroot
-level access.
- ModSecurity™ Configuration — This interface allows you to configure your ModSecurity™ settings.
- ModSecurity™ Tools — This interface allows you to install and manage your ModSecurity™ rules.
- ModSecurity™ Vendors — This interface allows you to install and manage your ModSecurity™ vendors.
- Password Strength Configuration — This interface allows you to define the minimum password strength for all of cPanel & WHM’s authenticated features.
- PHP open_basedir Tweak — This interface allows you to configure PHP's
open_basedir
directive. This tweak denies users the ability to use PHP to open files outside of their home directory.
- Security Advisor — This interface runs a security scan on your server and advises you about how to resolve any security issues that it finds.
- Security Questions — This interface allows you to define and manage security questions. The system uses security questions when an unrecognized IP address attempts to log in to your account.
- Shell Fork Bomb Protection — This interface allows you to prevent the depletion of server resources by users with terminal access (SSH or Telnet). This depletion of resources can crash your server in a malicious attack known as a fork bomb. Fork bombs start a cascade of small processes that duplicate themselves until they deplete the server's resources.
- SMTP Restrictions — This interface allows you to configure your server so that the mail transport agent (MTA), Mailman mailing list software, and
root
user are the only accounts that can connect to remote SMTP servers. You may want to deny users the ability to bypass your mail server to send mail. This is common practice for spammers.
SSH Password Authorization Tweak — This interface allows you to enable or disable passwords for SSH authentication.
Important:
If you disable passwords, users must use keys when they access your server via SSH.
- Traceroute Enable Disable — This interface allows you to configure the
traceroute
utility on your server. Thetraceroute
utility is a network tool that determines the route that your network traffic uses to reach its destination. - Two-Factor Authentication — This interface allows you to configure an improved security measure that requires two forms of identification to log in.