Page tree
Skip to end of metadata
Go to start of metadata

For cPanel & WHM version 56

 

Step 1:

Agreement

Step 5:

Services

 

 

Services

This section allows you to configure the services that you and your clients use on the server.

Note:

$body

FTP Configuration

To configure an FTP server, select the FTP server software that you wish to use. You can choose ProFTPD, Pure-FTPD, or Disabled.

Note:

$body

Mail Configuration

To configure a mail server, perform the following steps:

  1. Select the mail server that you wish to use. You can choose Dovecot, or Disabled.

    Note:

    $body

  2. If you wish to preserve settings for each mailbox as you migrate to the new mail server, select the Convert Mailbox Format checkbox. Deselect this checkbox to increase the speed of the migration.

    Warning:

    If you deselect this checkbox, you may lose your email settings.

Configure cPHulk Brute Force Protection

cPHulk provides protection from brute force attacks against your web services. To enable and configure cPHulk, perform the following steps:

  1. Select the Enable cPHulk checkbox.
  2. To allow the chkservd service to monitor and restart the cPHulkd service, select the Allow chkservd to monitor and restart cPHulkd checkbox.
  3. To add your local IP address to the whitelist, select the Add my IP address to the whitelist checkbox.
  4. To receive a notification whenever an IP address that is not on the whitelist performs a successful root login, select the Send a notification upon successful root login when the IP address is not on the whitelist checkbox.
  5. To receive a notification whenever an IP address that is not on the whitelist but comes from a known netblock performs a successful root login, select the Send a notification upon successful root login when the IP address is not on the whitelist, but from a known netblock checkbox.
  6. To receive a notification whenever cPHulk detects a brute force attack, select the Send a notification when the system detects a brute force user checkbox.
  7. To block IP addresses at the firewall level whenever they meet the conditions for brute force protection, select the Block IP addresses at the firewall level if they trigger brute force protection checkbox.
  8. To block IP addresses at the firewall level whenever they meet the conditions for a one-day block, select the Block IP addresses at the firewall level if they trigger a one-day block checkbox.

    Note:

    The options to block IP addresses at the firewall level require iptables 1.4 or higher and a non-Virtuozzo environment.

  9. If you wish to configure additional cPHulk settings, select the Configure Advanced Settings checkbox.

     Click here to view cPHulk's Advanced Settings...

    The following Advanced Settings will appear. Enter the desired value in the text box that corresponds to each option:

    • Brute Force Protection Period (in minutes)  — The number of minutes to lock an account. The default value is 5 .
    • Maximum Failures by Account — The maximum number of failed authentication attempts allowed per account. The default value is 15.
    • IP Address-based Brute Force Protection Period (in minutes) — The number of minutes to block the IP addresses of potentially malicious users. The default value is 15.
    • Maximum Failures per IP Address — The maximum number of failed authentication attempts that an IP address allows. The default value is 5.
    • Command to Run When an IP Address Triggers Brute Force Protection — The full path to a command that the system runs when an IP address triggers brute force protection.
    • Maximum Failures per IP Address before the IP Address is Blocked for One Day — The number of failed authentication attempts before cPHulk blocks an IP address for a one day period. The default value is 30.
    • Command to Run When an IP Address Triggers a One-day Block — The full path to a command that the system runs when the system blocks an IP address for a one-day period.

      Note:

      For a full list of the variables that you can use in this command, read our cPHulk Brute Force Protection documentation. 

    • Duration for Retaining Failed Logins (in minutes) — The number of minutes that the system allows for an attacker to reach the Maximum Failures per IP Address setting. The default value is 360.

Install a Common Set of Perl Modules

Select the Provide modules to /usr/bin/perl formerly provided by checkperlmodules checkbox to install a common set of Perl modules to the /usr/bin/ directory.

Note:

$body

Save and continue

Click Save & Go to Step 6.

To return to Step 4, click Go Back.