Changing domain.com/cpanel

bikegremlin (Moderator, OG, Content Writer)

When using cPanel shared, or reseller hosting, is it possible, as a user/customer, to disable, or change the login through:
domain.com/cpanel

I have figured out how to disable cpanel.domain.com, but not the /cpanel

Relja of House Novović, the First of His Name, King of the Plains, the Breaker of Chains, WirMach Wolves pack member
BikeGremlin's web-hosting reviews

Comments

  • Xsltel (Hosting Provider)

    Your host provider will need to disable proxying that sub directory from tweak settings.
    I doubt it's possible to override that in .htaccess

    Xsltel OU | A One-man show powered by 250 grams of brain
    Offering reliable hosting services, Server management since 2011 and free cPanel hosting since 2020

  • bikegremlin (Moderator, OG, Content Writer)

    @Xsltel said:
    Your host provider will need to disable proxying that sub directory from tweak settings.
    I doubt it's possible to override that in .htaccess

    Yes - .htaccess from user's cPanel account doesn't help.
    Is that a normal thing to ask the provider?
    Can it be done on a per-customer level?

    I would expect it to require a server restart at least.


  • mikho (Administrator, OG)

    You have to talk to the provider if it's only for one or a few domains:
    https://forums.cpanel.net/threads/possible-to-disable-domain-com-cpanel-for-client.468861/

    Thanked by (1)bikegremlin

    “Technology is best when it brings people together.” – Matt Mullenweg

  • Xsltel (Hosting Provider)

    Actually, after further checking I don't see an option to disable that from tweak settings. I mixed that with subdomain in my first reply.

    However, it's possible to achieve that by these commands
    cp /var/cpanel/templates/apache2_4/ea4_main.default /var/cpanel/templates/apache2_4/ea4_main.local

    then editing the new file
    /var/cpanel/templates/apache2_4/ea4_main.local

    and finding and commenting these lines
    ScriptAliasMatch ^/?controlpanel/?$ /usr/local/cpanel/cgi-sys/redirect.cgi
    ScriptAliasMatch ^/?cpanel/?$ /usr/local/cpanel/cgi-sys/redirect.cgi
    ScriptAliasMatch ^/?kpanel/?$ /usr/local/cpanel/cgi-sys/redirect.cgi
    ScriptAliasMatch ^/?securecontrolpanel/?$ /usr/local/cpanel/cgi-sys/sredirect.cgi
    ScriptAliasMatch ^/?securecpanel/?$ /usr/local/cpanel/cgi-sys/sredirect.cgi
    ScriptAliasMatch ^/?securewhm/?$ /usr/local/cpanel/cgi-sys/swhmredirect.cgi
    ScriptAliasMatch ^/?webmail$ /usr/local/cpanel/cgi-sys/wredirect.cgi
    ScriptAliasMatch ^/?webmail/ /usr/local/cpanel/cgi-sys/wredirect.cgi
    ScriptAliasMatch ^/?whm/?$ /usr/local/cpanel/cgi-sys/whmredirect.cgi

    then
    /scripts/rebuildhttpdconf
    /scripts/restartsrv_httpd

    if someone needs to do it on their cPanel server

    Thanked by (2)bikegremlin Abdullah

    Xsltel OU | A One-man show powered by 250 grams of brain
    Offering reliable hosting services, Server management since 2011 and free cPanel hosting since 2020
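
The edit step from Xsltel's post above, scripted as an added example (not part of the thread and not cPanel's own tooling): it comments out the redirect aliases in a copy of the template and keeps a backup. The function names and the sample file contents are constructed for illustration; the cgi-sys path and the rebuild/restart scripts are the ones quoted in the post.

```shell
#!/bin/sh
# Added example: comment out the cPanel redirect aliases from the post above.
# Function names and the sample file are constructed for illustration.

# Active (uncommented) ScriptAliasMatch lines pointing at a redirect script
# under /usr/local/cpanel/cgi-sys/ (redirect.cgi, sredirect.cgi, ...).
ALIAS_RE='^[[:space:]]*ScriptAliasMatch[[:space:]].*/usr/local/cpanel/cgi-sys/[a-z]*redirect\.cgi'

# active_aliases FILE: print how many redirect aliases are still active.
active_aliases() {
    grep -c -E "$ALIAS_RE" "$1" || true
}

# comment_redirect_aliases FILE: prefix matching lines with "#".
# The first run saves FILE.bak; re-runs keep that backup and change nothing,
# because lines that are already commented no longer match.
comment_redirect_aliases() {
    [ -e "$1.bak" ] || cp -p "$1" "$1.bak" || return 1
    sed -E "\|$ALIAS_RE| s|^|#|" "$1" > "$1.tmp" &&
        cat "$1.tmp" > "$1" && rm -f "$1.tmp"
}

# Constructed stand-in for ea4_main.local (not the real template contents).
make_sample() {
    cat > "$1" <<'EOF'
    ScriptAliasMatch ^/?cpanel/?$ /usr/local/cpanel/cgi-sys/redirect.cgi
    ScriptAliasMatch ^/?securewhm/?$ /usr/local/cpanel/cgi-sys/swhmredirect.cgi
    ScriptAliasMatch ^/?webmail$ /usr/local/cpanel/cgi-sys/wredirect.cgi
    #ScriptAliasMatch ^/?whm/?$ /usr/local/cpanel/cgi-sys/whmredirect.cgi
    ScriptAlias /cgi-sys /usr/local/cpanel/cgi-sys
EOF
}

if [ -n "${1:-}" ]; then
    # Real use: pass the ea4_main.local copy, then run the rebuild and
    # restart scripts from the post.
    comment_redirect_aliases "$1" && echo "still active: $(active_aliases "$1")"
else
    tmp=$(mktemp) && make_sample "$tmp"
    echo "active before: $(active_aliases "$tmp")"
    comment_redirect_aliases "$tmp"
    echo "active after:  $(active_aliases "$tmp")"
    rm -f "$tmp" "$tmp.bak"
fi
```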

  • If you're using Cloudflare, you can do it using their page rules.
    For example: domain.tld/cpanel -> domain.tld.
    Though if you're on the free plan, you won't have enough rules if you'd like to redirect all cPanel-related URLs (/cpanel, /whm, /webmail, :2083, :2087, :2096, ...)

    Thanked by (1)bikegremlin
  • bikegremlin (Moderator, OG, Content Writer)

    @Naix said:
    If you're using Cloudflare, you can do it using their page rules.
    For example: domain.tld/cpanel -> domain.tld.
    Though if you're on the free plan, you won't have enough rules if you'd like to redirect all cPanel-related URLs (/cpanel, /whm, /webmail, :2083, :2087, :2096, ...)

    How much of a "hacking" risk does leaving those available pose?

    A friend got warned about these for their website, and asked me if it could be blocked somehow.
    I suppose a good, strong password, with any decent provider (that blocks 1000 tries per minute) should suffice. Am I wrong?


  • edited February 2021

    @bikegremlin said:

    @Naix said:
    If you're using Cloudflare, you can do it using their page rules.
    For example: domain.tld/cpanel -> domain.tld.
    Though if you're on the free plan, you won't have enough rules if you'd like to redirect all cPanel-related URLs (/cpanel, /whm, /webmail, :2083, :2087, :2096, ...)

    How much of a "hacking" risk does leaving those available pose?

    A friend got warned about these for their website, and asked me if it could be blocked somehow.
    I suppose a good, strong password, with any decent provider (that blocks 1000 tries per minute) should suffice. Am I wrong?

    Not much risk I think and yes you're right, that should be enough.
    You could also enable 2FA.
    When I attempted to do this, I was concerned about L4 DDoS attacks to the cPanel server, so I wanted to try and make it a bit harder to get the server IP.
    I gave up when I found out that there are many URLs and ports to try to redirect/hide.

    Thanked by (1)bikegremlin
  • bikegremlin (Moderator, OG, Content Writer)
    edited February 2021

    From what I could tell, when using Cloudflare, you can't get the server's IP, even when you are redirected to domain.com/cpanel.

    Of course, whm.domain.com, cpanel.domain.com etc. are disabled (aren't resolved through DNS), and mail.domain.com is not on the website's hosting server.

    2FA is a huge hassle, and not sure if I'm too naive, but I'm not a big fan of that. I understand it makes unauthorized access exponentially more difficult.

    Thanked by (1)Naix

