Archives

Configure security questions for WHM login

For enhanced login security in Web Host Manager (WHM), you can set up security questions.

1. Go to WHM->Security Center->Security Questions

2. Click the Edit Questions and Answers button to set up the questions and answers.

Please note that you can’t use one, two or three questions. You must use all four questions and answers.
Each question and each answer must be at least 2 characters long.

The predefined security questions are:

What is your primary frequent flyer number?
What is your library card number?
What was your first phone number?
What was your first teacher’s name?
What is your father’s middle name?
In what city was your high school?
What was the name of your first boyfriend or girlfriend?
What is your maternal grandfather’s first name?
What is your maternal grandmother’s first name?
In what city were you born (Enter full name of city only)?
What was the name of your first pet?
What was your high school mascot?
How old were you at your wedding (Enter age as digits)?
In what year (YYYY) did you graduate from high school?
In what city did you honeymoon (Enter full name of city only)?
What is the first name of the best man/maid of honor at your wedding?
What is your mother’s middle name?
In what city were you married?
In what city is your vacation home?
What is the first name of your first child?
What is your paternal grandfather’s first name?
What is your paternal grandmother’s first name?
What is the name of your first employer?
When is your wedding anniversary (Enter the full name of month)?
What is the first name of the best man/maid of honor at your wedding?
In what city was your mother born (Enter full name of city only)?
In what city was your father born (Enter full name of city only)?

3. Click the Continue button. Your questions and answers will be saved.

4. Go to WHM->Security Center->Configure Security Policies and check the Limit logins to verified IP addresses option. Click the Save button.

WHM will ask for the security questions only when you connect from a new IP. Each IP from which you successfully signed in is added to a list of Recognized IPs for “root”, and you will not have to enter the answers to the security questions again from that IP.

5. From now on, after entering the correct username and password you will be asked for answers to the security questions.

6.1 If you enter the correct answers, you will see the message: You have answered your security questions correctly.

6.2 If you enter the wrong answers, you will see the message: The system has registered a brute force attempt on security questions for the account “root”. As the message says, cPHulk Brute Force Protection will be triggered (if it is enabled).

7. If you want to see the list of Recognized IPs, go to WHM->Security Center->Security Questions and click the Add or Remove Recognized IP Addresses button.

If you forget your WHM security answers:

  1. Connect via SSH to your server as root
  2. Go to file /var/cpanel/cpanel.config. Edit the file.
  3. Change the line
    SecurityPolicy::SourceIPCheck=1

    to

    SecurityPolicy::SourceIPCheck=0
  4. Now run the command:
    /usr/local/cpanel/whostmgr/bin/whostmgr2 --updatetweaksettings
  5. You should be able to login again to WHM.

If you want to remove the security questions, just delete the file /var/cpanel/userhomes/cpanel/.cpanel/securitypolicy/questions/root.json

Whitelist an IP in CSF for remote MySQL connections

ConfigServer Security & Firewall (csf) is a popular firewall for Linux web servers. Many cPanel web servers use it. By default, csf is configured to block incoming connections to the MySQL port, which is 3306.
But suppose you have a client that requires a direct connection to the MySQL server. What can you do? Opening port 3306 to the public is not a very good idea. Instead, you can set up a rule in csf to allow incoming connections to MySQL from specific IP(s).

 

For this, you will need to edit the file /etc/csf/csf.allow:

####################### ##########################
# Copyright 2006-2017, Way to the Web Limited
# URL: http://www.configserver.com
# Email: sales@waytotheweb.com
####################### ##########################
# The following IP addresses will be allowed through iptables.
# One IP address per line.
# CIDR addressing allowed with a quaded IP (e.g. 192.168.254.0/24).
# Only list IP addresses, not domain names (they will be ignored)
#
# Advanced port+ip filtering allowed with the following format
# tcp/udp|in/out|s/d=port|s/d=ip
# See readme.txt for more information
#
# Note: IP addressess listed in this file will NOT be ignored by lfd, so they
# can still be blocked. If you do not want lfd to block an IP address you must
# add it to csf.ignore

 

Add the following lines to the file /etc/csf/csf.allow (replace 192.168.1.0 with the desired IP):

tcp|in|d=3306|s=192.168.1.0
udp|in|d=3306|s=192.168.1.0

Restart csf and that IP will be able to connect to the MySQL/MariaDB server.
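To review who can actually reach port 3306 once rules like these accumulate, the following added example (not part of the original post or of csf) parses csf.allow text in the two forms the file header describes, plain IP/CIDR and `tcp/udp|in/out|s/d=port|s/d=ip` with a single port. The function names, the sample entries and the 256-address review threshold are assumptions made for illustration.

```python
from ipaddress import ip_network


def parse_allow_line(line):
    """Return (proto, direction, port_field, ip_side, network), or None for blanks/comments."""
    line = line.split("#", 1)[0].strip()
    if not line:
        return None
    if "|" not in line:
        # Plain IP or CIDR entry: no protocol or port restriction.
        return (None, None, None, None, ip_network(line, strict=False))
    proto, direction, port_field, ip_field = line.split("|")
    ip_side, ip = ip_field.split("=", 1)
    return (proto, direction, port_field, ip_side, ip_network(ip, strict=False))


def sources_allowed_to(text, port, proto="tcp"):
    """Networks that the file lets reach inbound destination `port`."""
    allowed = []
    for entry in filter(None, map(parse_allow_line, text.splitlines())):
        e_proto, direction, port_field, ip_side, net = entry
        if port_field is None:
            allowed.append((net, "all ports"))
        elif (e_proto, direction, port_field, ip_side) == (proto, "in", f"d={port}", "s"):
            allowed.append((net, f"{proto}/{port} only"))
    return allowed


def wider_than(allowed, max_hosts=256):
    """Entries covering more than max_hosts addresses (assumed review threshold)."""
    return [(net, why) for net, why in allowed if net.num_addresses > max_hosts]


# Constructed sample entries, not taken from a real server.
SAMPLE = """\
tcp|in|d=3306|s=192.168.1.0
udp|in|d=3306|s=192.168.1.0
tcp|in|d=22|s=198.51.100.0/24
203.0.113.9 # Manually allowed: monitoring
tcp|in|d=3306|s=10.0.0.0/8
"""

if __name__ == "__main__":
    reachable = sources_allowed_to(SAMPLE, 3306)
    for net, why in reachable:
        print(net, why)
    print("review:", wider_than(reachable))
```

Plain entries show up as "all ports" because they carry no port restriction, so they reach MySQL as well as every other service.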

Whitelist Google, Bing, Yahoo, Yandex, Baidu bots in csf and mod_security

ConfigServer Security & Firewall, or csf for short, is a popular firewall solution for cPanel servers. Combined with some good rules for mod_security, it does a great job.
To prevent csf from temporarily or permanently blocking the IPs of good bots, you should edit the file /etc/csf/csf.rignore:

####################### ##########################
# Copyright 2006-2017, Way to the Web Limited
# URL: http://www.configserver.com
# Email: sales@waytotheweb.com
####################### ##########################
# The following is a list of domains and partial domain that lfd process
# tracking will ignore based on reverse and forward DNS lookups. An example of
# its use is to prevent web crawlers from being blocked by lfd, e.g.
# .googlebot.com and .crawl.yahoo.net
#
# You must use either a Fully Qualified Domain Name (FQDN) or a unique ending
# subset of the domain name which must begin with a dot (wildcards are NOT
# otherwise permitted)
#
# For example, the following are all valid entries:
# www.configserver.com
# .configserver.com
# .configserver.co.uk
# .googlebot.com
# .crawl.yahoo.net
# .search.msn.com
#
# The following are NOT valid entries:
# *.configserver.com
# *google.com
# google.com (unless the lookup is EXACTLY google.com with no subdomain
#
# When a candidate IP address is inspected a reverse DNS lookup is performed on
# the IP address. A forward DNS lookup is then performed on the result from the
# reverse DNS lookup. The IP address will only be ignored if:
#
# 1. The results of the final lookup matches the original IP address
# AND
# 2a. The results of the rDNS lookup matches the FQDN
# OR
# 2b. The results of the rDNS lookup matches the partial subset of the domain
#
# Note: If the DNS lookups are too slow or do not return the expected results
# the IP address will be counted towards the blocking trigger as normal
#

Add the following lines to /etc/csf/csf.rignore file:

.googlebot.com
.crawl.yahoo.net
.search.msn.com
.google.com
.yandex.ru
.yandex.net
.yandex.com
.crawl.baidu.com
.crawl.baidu.jp

csf blocks an IP when the host has been blocked a number of times by a mod_security rule. So, we must go to the root of the problem: we will create mod_security rules to allow good bots.
For this, we will edit the mod_security .conf files. If you are using cPanel EasyApache 4, add the following lines to the file /etc/apache2/conf.d/modsec/modsec2.user.conf

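# Double adds a forward lookup on the reverse-DNS result, so REMOTE_HOST is only
# set when the name resolves back to the client IP. On alone does not check this.
HostnameLookups Double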
SecRule REMOTE_HOST "@endsWith .googlebot.com" "allow,log,id:5000001,msg:'googlebot'"
SecRule REMOTE_HOST "@endsWith .google.com" "allow,log,id:5000002,msg:'googlebot'"
SecRule REMOTE_HOST "@endsWith .search.msn.com" "allow,log,id:5000003,msg:'msn bot'"
SecRule REMOTE_HOST "@endsWith .crawl.yahoo.net" "allow,log,id:5000004,msg:'yahoo bot'"
SecRule REMOTE_HOST "@endsWith .yandex.ru" "allow,log,id:5000005,msg:'yandex bot'"
SecRule REMOTE_HOST "@endsWith .yandex.net" "allow,log,id:5000006,msg:'yandex bot'"
SecRule REMOTE_HOST "@endsWith .yandex.com" "allow,log,id:5000007,msg:'yandex bot'"
SecRule REMOTE_HOST "@endsWith .crawl.baidu.com" "allow,log,id:5000008,msg:'baidu bot'"
SecRule REMOTE_HOST "@endsWith .crawl.baidu.jp" "allow,log,id:5000009,msg:'baidu bot'"

After adding these lines, please restart the Apache Web Server. After some time, you will see entries in the server logs. To view them, go to WHM->Security Center->ModSecurity™ Tools->Hits List, or run from the command line:

root@web [/]# grep "500000" /usr/local/apache/logs/error_log | tail -30
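
A suffix match on a hostname is only meaningful when the name is forward-confirmed, which is the check the csf.rignore header above describes (reverse lookup, then forward lookup that must return the original IP). The following is an added example of that check, not code from the original post, csf or ModSecurity; the function names are hypothetical, the resolver callables are injectable so it runs offline, and the DNS records are constructed using documentation address ranges.

```python
import ipaddress
import socket

# Suffixes from the csf.rignore list above.
TRUSTED_SUFFIXES = (".googlebot.com", ".crawl.yahoo.net", ".search.msn.com",
                    ".google.com", ".yandex.ru", ".yandex.net", ".yandex.com",
                    ".crawl.baidu.com", ".crawl.baidu.jp")


def system_reverse(ip):
    """PTR lookup via the system resolver; None when there is no record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def system_forward(name):
    """A/AAAA lookup via the system resolver; empty set on failure."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()


def is_verified_crawler(ip, reverse=system_reverse, forward=system_forward,
                        suffixes=TRUSTED_SUFFIXES):
    """True only if the PTR name ends in a trusted suffix AND resolves back to ip."""
    client = ipaddress.ip_address(ip)
    name = reverse(ip)
    if not name:
        return False
    name = name.rstrip(".").lower()
    if not any(name.endswith(s) for s in suffixes):
        return False
    # The PTR record is published by whoever holds the IP, so confirm it forward.
    return any(ipaddress.ip_address(a) == client for a in forward(name))


# Constructed records (documentation address ranges), not real crawler data.
PTR = {"192.0.2.10": "crawl-192-0-2-10.googlebot.com.",
       "203.0.113.7": "crawl-203-0-113-7.googlebot.com",  # name does not map back
       "198.51.100.5": "host5.example.net"}
A = {"crawl-192-0-2-10.googlebot.com": {"192.0.2.10"},
     "crawl-203-0-113-7.googlebot.com": {"192.0.2.99"}}

if __name__ == "__main__":
    for ip in PTR:
        print(ip, is_verified_crawler(ip, PTR.get, lambda n: A.get(n, set())))
```

Calling `is_verified_crawler(ip)` with the default resolvers performs the same two lookups against live DNS.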

 

Resources:
https://webmasters.googleblog.com/2006/09/how-to-verify-googlebot.html
https://yandex.com/support/webmaster/robot-workings/check-yandex-robots.xml
https://www.bing.com/webmaster/help/how-to-verify-bingbot-3905dc26
https://github.com/SpiderLabs/ModSecurity/wiki/

How to check if a domain is on the server

You have a lot of domains and you want to quickly check if a domain exists on the server. Just run the shell command: grep yourdomain /etc/userdomains

root@web [~]# grep demo.plothost.com /etc/userdomains
demo.plothost.com: plothost
root@web [~]#

In this case, the domain “demo.plothost.com” exists and it belongs to user “plothost”.

You may also want to know if the domain resolves to your server/IP. Use:

root@web [~]# dig demo.plothost.com

; <<>> DiG 9.9.0-RedHat-9.9.0-38.el7_3.2 <<>> demo.plothost.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30116
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;demo.plothost.com.             IN      A

;; ANSWER SECTION:
demo.plothost.com.      5388    IN      A       162.255.100.100

;; Query time: 26 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Mar 20 04:11:52 PDT 2017
;; MSG SIZE  rcvd: 62

root@web [~]#

If the domain has a cPanel account, you can search for it in WHM -> Account Information -> List Accounts.


How to restart cPanel/WHM

Ever wanted to restart the cPanel/WHM system? There is no need to restart your operating system. You can restart only the cPanel/WHM system with a simple command.
You need to be logged in as root via SSH. Execute the following command:

# /etc/init.d/cpanel restart

If you need any assistance please contact your host.
