Monthly Archives: January 2018

How to enable/disable ModSecurity for your domains in cPanel

In the latest versions of cPanel, you have the ability to disable/enable ModSecurity from your cPanel account.

Notice that you may not have this option enabled in cPanel. Ask your host.

ModSecurity, sometimes called Modsec, is a popular Open-source Web application firewall (WAF). Originally designed as a module for the Apache HTTP Server, it has evolved to provide an array of Hypertext Transfer Protocol request and response filtering capabilities along with other security features across a number of different platforms including Apache HTTP Server, Microsoft IIS and NGINX. It is a free software released under the Apache license 2.0.


cpanel modsecurity

To disable/enable ModSecurity in cPanel:

  1. Go to and log in
  2. Navigate to Security section, look for ModSecurity option
  3. Here you can Disable/Enable ModSecurity for all domains.
    Or, you can choose an individual domain on which to disable/enable ModSecurity. Click the On/Off button.
    When you disable ModSecurity, a notice will be shown:

    Warning: ModSecurity is disabled for one or more of your domains. Only disable ModSecurity while you troubleshoot a problem with your configuration. Without ModSecurity enabled, your domains lose the extra layer of protection that the module provides.

Check our video on this:

If you have any questions, please comment below. We answer to all comments.
Share this post:

cPanel & WHM logs location

On a cPanel web server there are many logs. We made here a list of them:

cPanel, WHM and Webmail
Access logs and user actions /usr/local/cpanel/logs/access_log
Account transfers and misc. logs /var/cpanel/logs
Auditing log (account creations, deletions, etc) /var/cpanel/accounting.log
Backup logs /usr/local/cpanel/logs/cpbackup
Backup transport logs /usr/local/cpanel/logs/cpbackup_transporter.log
Boxtrapper log ~/mail/MAILDIR/boxtrapper/log
Brute force protection (cphulkd) log /usr/local/cpanel/logs/cphulkd.log
Brute force protection (cphulkd) error log /usr/local/cpanel/logs/cphulkd_errors.log
cPanel dnsadmin dns clustering daemon /usr/local/cpanel/logs/dnsadmin_log
cPanel taskqueue processing demon /usr/local/cpanel/logs/queueprocd.log
Dbmapping /usr/local/cpanel/logs/setupdbmap_log
EasuApache build logs /usr/local/cpanel/logs/easy/apache/
Error log /usr/local/cpanel/logs/error_log
Installation log /var/log/cpanel-install.log
License updates & errors /usr/local/cpanel/logs/license_log
Locale database modifications /usr/local/cpanel/logs/build_locale_databases_log
Login errors (cpsrvd) /usr/local/cpanel/logs/login_log
Logs for all incoming requests for cpsrvd /usr/local/cpanel/logs/incoming_http_requests.log
Horde Webmail /var/cpanel/horde/log/
RoundCube Webmail /var/cpanel/roundcube/log/
SquirrelMail Webmail /var/cpanel/squirrelmail/ (nothing logged)
MySQL upgrade log /var/cpanel/logs/mysql_upgrade.log
Panic log /usr/local/cpanel/logs/panic_log
Per-account bandwidth history – cached /var/cpanel/bandwidth.cache/{username}
Per-account bandwidth history human readable /var/cpanel/bandwidth/{username}
Service status logs /var/log/chkservd.log
Tailwatchd log /usr/local/cpanel/logs/tailwatch_log
Update analysis reporting /usr/local/cpanel/logs/update_analysis/{TIMESTAMP}.log
Update (upcp) log /var/cpanel/updatelogs/update.{TIMESTAMP}.log
Webdisk (cpdavd) log /usr/local/cpanel/logs/cpavd_error_log
Website statistics log /usr/local/cpanel/logs/stats_log
cPanel support access /var/cpanel/logs/supportauth/audit.log


FTP transaction log /usr/local/apache/domlogs/
Log for FTP transfers /usr/local/apache/domlogs/ftpxferlog
Login attempts/general info /var/log/messages


Login attempts/general info /var/log/messages


Mail delivery (Exim)
Delivery & receipt log /var/log/exim_mainlog
Incoming mail queue /var/spool/exim/input/
Log of messages rejected based on ACLs or other policies /var/log/exim_rejectlog
Unexpected/fatal error log /var/log/exim_paniclog


Mail retrieval & Spam Protection (Courier, Dovecot, SpamAssassin)
IMAP/POP login attempts, transactions, fatal errors and spam scoring




Logs /usr/local/cpanel/3rdparty/mailman/logs


General information and errors /var/lib/mysql/{HOSTNAME}.err


Log for munin /var/log/munin


Top Memory and CPU Consumers (dcpumon)
Top processes consuming CPU & Memory /var/log/dcpumon/{YEAR}/{MONTH}/{DAY}


Web Server (Apache/httpd)
Apache restarts done through cPanel/WHM /usr/local/cpanel/logs/safeapacherestart_log
Domain access logs /usr/local/apache/domlogs/{DOMAIN}
Mod Security /usr/local/apache/logs/modsec_audit.log
Processing of log splitting /usr/local/cpanel/logs/splitlogs_logs
Suexec audit log /usr/local/apache/logs/suexec_log
suPHP audit log /usr/local/apache/logs/suphp_log
Web server & CGI application error log /usr/local/apache/logs/error_log


The cPanel Log Files

Share this post:

Can I limit bandwidth usage for a subdomain on cPanel?

cPanel doesn’t offer an explicit option to limit the bandwidth usage for a subdomain.

Anyway, you can use a workaround for this situation. You(or your host) can create a separate cPanel account for the subdomain. Having a cPanel account for the subdomain will allow you to set a bandwidth usage limit for it. Like 20000MB, 2000GB etc. (Yes, it’s possible to create cPanel accounts for subdomains.)

If you are processing all requests via a single script, you can limit the bandwidth usage based on site visits. This will not be very accurate.

Related KB article: Use different cPanel accounts for main domain and subdomains

Share this post:

Set up an alternative SMTP port in WHM

Due to abusive users, many Internet Service Providers (ISPs) block SMTP port 25. So you may want to set up another port on your web server instead of the default 25.

SMTP is the acronym for Simple Mail Transfer Protocol, a protocol used to send emails. More info on the Wikipedia page.

We will show you here two ways on how to add another SMTP port in WHM.

Method 1

1.Log into WHM as root

2. Navigate to Service Configuration >> Service Manager

3.Look for Exim Mail Server (on another port) option. Check the two checkboxes – cPanel will enable and monitor this service. Add the desired port(s) in the right field. The notice states: Useful for providers that block port 25 (multiple comma-delimited ports may be added).  

cpanel smtp another port4. Scroll to the bottom of the page and click the Save button. 


Method 2

1.Log into WHM as root

2. Navigate to Service Configuration >> Exim Configuration Manager

3. The Exim configuration page will open. Click on the Advanced Editor top tab.

exim advanced editor tab

4.Look for daemon_smtp_ports option and add your desired port(s). cPanel notice for this option: This option specifies one or more default SMTP ports on which the Exim daemon listens.

daemon smtp ports

5. Scroll to the bottom of the page and click the Save button. 

Instead of adding another SMTP port you can instruct users to use Secure SMTP ports – 465 or 587. Usually these ports are not blocked by IPSs.
Don’t forget to add the new port(s) to the allowed ports in your firewall’s configuration.
Share this post:

How to check if disk quotas work properly

This KB article is intended for CentOS with cPanel servers.

You are selling shared hosting accounts and you want to be sure that your users don’t exceed their disk space quotas? You can easily find if the disk quotas work as expected.

Mainly, as root, you will create a big file size (that added to a user account will exceed (s)he’s quota) and attempt to assign it to a user.  Steps:

  1. Log in to the server as root
  2. Navigate to a user’s home directory (in this example the user is plothost) and create a file of 100M (or 1000M etc). In our test case the plothost‘s plan has 50M space – so, if everything works as expected, we will not be able to add a 100M file.
    root@web [~]# cd /home/plothost/
    root@web [/home/plothost]# 
    root@web [/home/plothost]# dd if=/dev/zero of=test_file bs=100M count=1
    1+0 records in
    1+0 records out
    104857600 bytes (105 MB) copied, 0.527468 s, 399 MB/s
    root@web [/home/plothost]#
  3. Check the ownership of the file
    root@web [/home/plothost]# ll test_file
    -rw-r--r-- 1 root root 104857600 Jan 23 11:25 test_file
    root@web [/home/plothost]#
  4. Now try to assign the test file to the user
    root@web [/home/plothost]# chown plothost:plothost test_file
    chown: changing ownership of 'test_file': Disk quota exceeded
    root@web [/home/plothost]#

    You see the message Disk quota exceeded – this means the disk quota is working fine.

If your disk quotas do not work as expected, please check these cPanel articles:

cPanel – Initial Quota Setup  |   cPanel – How to Fix Quotas

Share this post:
Page 1 of 2
1 2