This document describes some basic security concepts that you can use to protect your system from cross-site request forgery (XSRF) attacks.
XSRF attacks occur when a malicious user exploits the trust between a website and a user's browser. When a malicious user exploits that trust, they can run unauthorized commands on a website.
XSRF attacks rely on two items:
- Access to authentication credentials.
- Surreptitious execution of a command via a URL.
For more information about XSRF attacks, visit Wikipedia's XSRF article.
Some browsers allow you to flush login credentials. However, do not rely on this method, because it does not exist in all browsers. When a web browser caches login credentials, the credentials become susceptible to XSRF attacks.
For more information, visit our Basic Security Concepts documentation.
Malicious users can steal cookies and use them in XSRF attacks. Most browsers do not provide any protection to mitigate this attack. We provide an option that allows you to validate the incoming IP address as part of the cookie during the authentication process.
On subsequent authentication requests, the server compares the IP addresses to the original values in the cookies. A mismatched value causes an error that results in a re-authentication request.
When you use validated cookies, we recommend that you disable proxy access. If you do not disable proxy access, any attempt to access interfaces via a proxy domain will cause the system to record the local host's IP address (usually 127.0.0.1), which renders IP address validation useless.
- Proxy subdomains
- Proxy subdomain creation
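The following sketch is an added example, not cPanel & WHM's own code. It shows why proxy access defeats IP address validation: once every request arrives from the loopback address, a cookie presented from a different client still matches. The HMAC binding, the function names, and the sample addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # assumption: per-server secret, never sent to clients


def _tag(session_id: str, ip: str) -> str:
    msg = f"{session_id}|{ip}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_cookie(ip_seen_at_login: str) -> str:
    """Create a session cookie bound to the IP address the server saw at login."""
    session_id = secrets.token_hex(16)
    return f"{session_id}.{_tag(session_id, ip_seen_at_login)}"


def validate_cookie(cookie: str, ip_seen_now: str) -> bool:
    """True if the cookie was issued to this IP; False means force re-authentication."""
    session_id, sep, tag = cookie.rpartition(".")
    if not sep or not session_id:
        return False  # malformed cookie
    expected = _tag(session_id, ip_seen_now)
    return hmac.compare_digest(tag.encode(), expected.encode())


def ip_seen_by_server(client_ip: str, via_local_proxy: bool) -> str:
    """Through a proxy on the same host, every request arrives from loopback."""
    return "127.0.0.1" if via_local_proxy else client_ip


def replay_accepted(owner_ip: str, other_ip: str, via_local_proxy: bool) -> bool:
    """Issue a cookie to owner_ip, then present the same cookie from other_ip."""
    cookie = issue_cookie(ip_seen_by_server(owner_ip, via_local_proxy))
    return validate_cookie(cookie, ip_seen_by_server(other_ip, via_local_proxy))


if __name__ == "__main__":
    # Constructed sample addresses from the RFC 5737 documentation ranges.
    owner, other = "203.0.113.10", "198.51.100.7"
    print("direct access, cookie accepted from another IP:",
          replay_accepted(owner, other, False))
    print("proxy access, cookie accepted from another IP:",
          replay_accepted(owner, other, True))
```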
You can also require your users to log in via SSL or TLS to improve your system's security. If users log in to their accounts over ports 2095, the system sends authentication credentials in plain text. The authentication credentials become easy to steal, read, and use again later.
For more information about how to access cPanel & WHM services securely, read our How to Access cPanel & WHM Services documentation.
cPanel & WHM includes security tokens to help combat XSRF attacks. The system inserts unique security tokens into the URL for a single login session. Any requests that a user makes without the appropriate token produce an error and result in a request for re-authentication. This action effectively stops XSRF attacks because the malicious URL will not contain the appropriate token.
Security tokens may cause problems with custom scripts and some third-party applications that integrate with cPanel & WHM. We strongly recommend that you verify that third-party applications are compatible with security tokens before you enable them. If you must use applications that are not compatible with security tokens, we recommend that you use URL referrer checks instead.
URL referrer checks
The HTTP referrer identifies the URL of the page from which a user originated. Referrer checks only function correctly when you enable the blank referrer check, and typically result in a large number of false positive alerts. However, if you must use third-party applications that are not compatible with security tokens, you can use referrer checks in place of security tokens.
If you cannot use security tokens on your server, we strongly recommend that you enable the following options in the Security section of WHM's Basic Security Concepts interface (WHM >> Home >> Server Configuration >> Tweak Settings):
- Blank referrer safety check
- Referrer safety check
Weak passwords provide insignificant protection against brute force attacks. Brute force attacks occur when a malicious user guesses the password for a specific account via the trial-and-error method. This process is most often an automated process that uses dictionary terms. Use WHM's Basic Security Concepts interface (WHM >> Home >> Security Center >> Password Strength Configuration) to set your users' minimum password strength.
- We strongly recommend that you set a value of
- The minimum password strength requirement only applies to passwords that cPanel & WHM creates and modifies. A user with shell access may use the passwd command to set a weak password.