Securing cPanel/WHM using URL parameters

SuperSajuuk

Member
Apr 10, 2016
13
2
3
United Kingdom
cPanel Access Level
Root Administrator
Hi there.

I'm looking to do some security on my VPS and am wondering if it is possible to make cPanel and WHM reject any requests to load the login page if a specific url parameter is not specified (something like ?valid_request=1&referrer=thespecifiedreferred). Is this something I can do with cPanel or would I need to do that at the VPS level?

I ask about this because I'm getting the odd email from cPHulk Daemon where people are randomly brute forcing my cPanel (luckily not my WHM link), but I would definitely like to see if I can secure both portals with URL parameters (that obviously aren't known to the outside world), and a randomly generated session code if the parameters are given).

Thanks!
 

SuperSajuuk

Member
Apr 10, 2016
13
2
3
United Kingdom
cPanel Access Level
Root Administrator
Hi @Infopro

I'm already making use of 2FA for the WHM account, but my main cPanel account is also accessed by another user (that I trust) so I cannot use 2FA on that account. Therefore, I'd like to be able to add URL parameters to prevent people just "guessing" the cPanel link and trying to brute force the account.

Thanks.
 

SuperSajuuk

Member
Apr 10, 2016
13
2
3
United Kingdom
cPanel Access Level
Root Administrator
@Infopro My intention was to write some script that would be loaded first before the cPanel login with my own URL parameters that would be required. When I specified any parameters, the cPanel login broke, so my script would also need to have compatibility with the login form that cPanel uses.

That way, people won't be able to reach the cPanel or WHM login pages at all to attempt brute forcing the accounts unless they've got a valid link to the page.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,880
2,270
463