Is it hard to disable functions in cpanel?

Nigel

Member
Registered
Joined
Jan 16, 2017
Messages
57
Points
0
I was thinking about just using cpanel for a VPS or dedicated server that I will be getting soon. When I was reading on some websites they said that you can disable unwanted functions in cpanel but they didn't say how.

Is it hard to disable functions in cpanel?

Is this easy to do?
 

gagah

Well-known member
Registered
Joined
Jan 21, 2017
Messages
86
Points
0
I was thinking about just using cpanel for a VPS or dedicated server that I will be getting soon. When I was reading on some websites they said that you can disable unwanted functions in cpanel but they didn't say how.

Is it hard to disable functions in cpanel?

Is this easy to do?
No it's not hard, anything that's related to cpanel is well documented and pretty much point and click. I'd be more worried about configuring and hardening the server itself rather than dealing with cPanel to be honest.
 

ulterios

Well-known member
Registered
Joined
Nov 25, 2015
Messages
481
Points
0
ulterios
Does cPanel itself cause any inherent security holes by using it?
 

WPCycle

Well-known member
Hosting Provider
Registered
Joined
Dec 31, 2016
Messages
123
Points
18
I will also agree with not using cPanel.

In terms of holes...that's more of a security issue of how well the server is secured. With or without a panel, there can be issues if not done properly.

But with cPanel..if the needs can be met without it. Not only does it save you money...but installing the services you need is more efficient than having everything installed, and the taken them back out. At times cPanel may "complain" when things are taken out.
 

ulterios

Well-known member
Registered
Joined
Nov 25, 2015
Messages
481
Points
0
ulterios
Ok, I was thinking that the other member meant that there were security holes that were a result of using cPanel. ;)
 

Nigel

Member
Registered
Joined
Jan 16, 2017
Messages
57
Points
0
No it's not hard, anything that's related to cpanel is well documented and pretty much point and click. I'd be more worried about configuring and hardening the server itself rather than dealing with cPanel to be honest.
Thanks for the help. I have been looking into the configuring and hardening aspects and there is a lot more to learn than I thought that there would be. Hopefully I will get it figured out. Any advice on where to start learning about the best practices for these?

I will also agree with not using cPanel.

In terms of holes...that's more of a security issue of how well the server is secured. With or without a panel, there can be issues if not done properly.

But with cPanel..if the needs can be met without it. Not only does it save you money...but installing the services you need is more efficient than having everything installed, and the taken them back out. At times cPanel may "complain" when things are taken out.
I have been looking at what security measures need to be looked into and taken care of. Any advice as to where to start looking?
 

gagah

Well-known member
Registered
Joined
Jan 21, 2017
Messages
86
Points
0
gagah
At first it's best to follow your OS guidelines, for example debian & centos both have a hardening guidelines on their site. But if you want something quick & fast, using tutorials provided by VPS providers will do just fine for basic hardening. Like this for example: https://www.linode.com/docs/security/securing-your-server

For more advanced stuff it will depend on your application and server configuration
 

HostYourNet-DR

Well-known member
Registered
Joined
Jan 13, 2017
Messages
139
Points
18
Are you try in general to just harden the server down from attacks?.

Or you looking to stop unwanted services that you dont need to use within cPanel?
 

Nigel

Member
Registered
Joined
Jan 16, 2017
Messages
57
Points
0
Are you try in general to just harden the server down from attacks?.

Or you looking to stop unwanted services that you dont need to use within cPanel?
A little of both I guess. Are there certain things that should always be disabled in general or is it just basically depending on each persons needs? I mean are there certain things that should be disabled by default unless they are needed?


At first it's best to follow your OS guidelines, for example debian & centos both have a hardening guidelines on their site. But if you want something quick & fast, using tutorials provided by VPS providers will do just fine for basic hardening. Like this for example: https://www.linode.com/docs/security/securing-your-server
I didn't know they had hardening guidelines on their sites. Would those be in the support sections or should I just search Google?
 

HostYourNet-DR

Well-known member
Registered
Joined
Jan 13, 2017
Messages
139
Points
18
HostYourNet-DR
I would also block ports that you do not needs within the CPanel firewall or the OS firewall.
As cPanel has a list of the port that it uses for all hosting types and just block the rest.
I do that so I've had little errors.
 

gagah

Well-known member
Registered
Joined
Jan 21, 2017
Messages
86
Points
0
I didn't know they had hardening guidelines on their sites. Would those be in the support sections or should I just search Google?
Centos:
Debian:
There's also tools such as Lynis (https://cisofy.com/lynis/) to audit the security of your servers. You need to have knowledge of what you're changing if you're following recomendations from Lynis though, some of their recommendations might break something on your server.
 

Nigel

Member
Registered
Joined
Jan 16, 2017
Messages
57
Points
0
There's also tools such as Lynis (https://cisofy.com/lynis/) to audit the security of your servers. You need to have knowledge of what you're changing if you're following recomendations from Lynis though, some of their recommendations might break something on your server.
Thanks. I haven't heard of these before. Are these tools free or paid?

I would also block ports that you do not needs within the CPanel firewall or the OS firewall.
As cPanel has a list of the port that it uses for all hosting types and just block the rest.
I do that so I've had little errors.
Thanks. Is that list on the cpanel website or in the cpanel control panel itself?
 

HostYourNet-DR

Well-known member
Registered
Joined
Jan 13, 2017
Messages
139
Points
18
HostYourNet-DR
This is a firewall guide i use when i need/have to rebuild or install and WHM on centos 6,

Port Protocol Status Service Service Name
20 TCP-UDP I/O I/O FTP File Transfer (Data Port)
21 TCP-UDP I/O I/O FTP File Transfer (Control Port)
22 TCP I/O SSH SSH, SCP copy, SFTP
25 TCP I/O SMTP Outgoing Email
37 TCP O Rdate Network Time
43 TCP O WHOIS Domain Lookup
53 TCP-UDP I/O I/O DNS Inbound only needed if you run public DNS Server
80 TCP I/O HTTP Web Server
110 TCP I/O POP3 Incoming Email
113 TCP-UDP O-O Ident Client Identification
123 UDP O NTP Network Time
143 TCP I IMAP4 Incoming Email
443 TCP I/O HTTPS SSL Web Server
465 TCP I SMTP Outgoing Email SSL-TLS
587 TCP I/O SMTP Outgoing Email
873 TCP - UDP O-O rsync File, Directory Sync
993 TCP I IMAP4 SSL Incoming Email
995 TCP I POP SSL Incoming Email
2077 TCP I WebDAV Distributed authoring
2078 TCP I WebDAV SSL Distributed authoring
2083 TCP I CPanel Cpanel SSL
2087 TCP I WHM WHM SSL
2089 TCP O Cpanel Licensing
2096 TCP I Webmail Web Mail SSL
2703 TCP O Razor email Scanning
3306 TCP I MySQL Out only if you need to connect remotely
4643 TCP I Virtuozzo Control Panel
6277 UDP O Spam Assassin
9987 UDP 1/0 TS3 Teamspeak Server
10011 TCP 1/0 TS3 Teamspeak Server
30033 TCP 1/0 TS3 Teamspeak Server
49900 - 50000 TCP-UDP Pure-FTPD FTP SSH Server
 

Nigel

Member
Registered
Joined
Jan 16, 2017
Messages
57
Points
0
Nigel
Wow, that's great! Thanks a lot.

Did you create this guide yourself?
 

WPCycle

Well-known member
Hosting Provider
Registered
Joined
Dec 31, 2016
Messages
123
Points
18
WPCycle
Just a note about the guide and firewalls...some ports are absolute like 53 or 995, but some ports like 22 need to be changed.
 

WPCycle

Well-known member
Hosting Provider
Registered
Joined
Dec 31, 2016
Messages
123
Points
18
WPCycle
True, but it is safer to change that port since it is a default port that everyone knows of, and even cPanel suggests this for the same reasons (link below). A lot of managed services will close ports 20 and 21, and change port 22 before the customer has access...which also forces them to use SFTP instead of FTP.

For instance, many who use cPanel will block ports 2077, 2079, and 2095 and use the SSL ports of those instead.
 

HostYourNet-DR

Well-known member
Registered
Joined
Jan 13, 2017
Messages
139
Points
18
WPCycle,

That is completely correct the reason i have it open still if so i have clients that use SFTP and require current normal FYP ports to be left open in order for it to work.

I've blocked the non SSL cPanel ports and also told if they try to redirect to the cPanel SSL ones :).
 

WPCycle

Well-known member
Hosting Provider
Registered
Joined
Dec 31, 2016
Messages
123
Points
18
WPCycle
I forgot the link, but you get it :)

I found the only ones that needed FTP were the ones accessing their account through non FTP programs like Dreamweaver. I don't know if it's still the case, but the version from 2-3 years ago still had a very hard time connecting to SFTP, which unfortunately forces the user to use FTP even if they don't want to...or take 30 extra seconds to save the file and then transfer it using a SFTP client ;)
 
Older Threads
Replies
6
Views
7,978
Replies
8
Views
5,855
Replies
8
Views
4,067
Newer Threads
Replies
43
Views
16,754
Replies
12
Views
5,934
Replies
17
Views
4,787

Latest Hosting OffersNew Reviews

Sponsors

Tag Cloud

You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.

Top