Table of Contents
cPanel is a well known platform in the IT industry around the globe. cPanel is a web hosting control panel that allows you to manage your website and server. Protecting your cPanel account is crucial, as it contains sensitive information like your website files, databases, and email accounts.
It’s like a dashboard with various tools and features organized for convenient access. Think of it as the control center for your online presence. Here’s what you can do with cPanel:
Manage your website files and folders: Upload, download, edit, and organize your website content, like images, scripts, and code.
Create and manage email accounts: Set up email addresses for your domain, manage users, and access webmail services.
Manage databases: Create and manage databases, like MySQL, commonly used by Content Management Systems (CMS) like WordPress.
Install software and applications: Easily install popular scripts and applications onto your server, like CMS platforms, forums, and e-commerce solutions.
Configure security settings: Control access to your server, manage Firewalls, and set up security measures like two-factor authentication.
Monitor server performance: View resource usage, track website traffic, and identify potential issues.
Backup and restore data: Easily back up your website files, databases, and emails for safekeeping and recovery in case of any problems.
cPanel is especially popular with shared hosting providers, making it accessible even for beginners. Its web-based interface simplifies tasks that would otherwise require technical knowledge and command-line commands. This was all about what cPanel does.
Read: Email Authentication: Unveiling the Secrets of Trustworthy Emails
Now, go through the parameters that can be used to protect your cPanel Account:
How do Clients Look at the cPanel Hack?
In a cPanel hack, the client domain or IP address of the server itself gets blacklisted. This is happening in spam mailings or other malicious activity. Due to penalties from search engines for hacking the domains, a brand is getting affected in many ways like monetary and reputational losses, etc.
The process of excluding a website from blacklisting is long-lasting. The best solution is to think about security ahead of time before a cPanel hack occurs.
How Can a cPanel Account be Hacked?
Hacking via Password Recovery
Resetting the password using the. contactmail file is outdated. In cPanel version 106, contact emails is diverted to /var/cpanel/users/$USER and only the account administrator is given access to edit it.
Hacking a cPanel account is like hacking a website, and vice versa. We have experienced the same cases of hacking via password recovery systems. By exploiting a vulnerability or using compromised access, the hacker replaces the email address in the file ~/.contactemail with his own. This gave them entry into the system. In the future, the hackers can reset the password from the account and gain access to the cPanel account. This is possible if the option “Reset Password for cPanel accounts” is enabled on the server.
Scanning or changing credentials is not a solution, so if you suspect that you have been hacked – check that the mail is legit. Also, as an indicator of compromise, there can be a request from 127.0.0.1 in the log file /usr/local/cpanel/logs/access_log (user – agent may be unique)
However, legitimate requests will not work in the cPanel for this URL or IP address – 127.0.0.1. If you see the logs, then it was initiated by automated hacking tools. If you disable the password recovery functionality, you can perform this by going to WHM >> Tweak settings. Uncheck the option ‘allow cPanel users to reset their password via email’ and save the settings. This will not allow users to reset their passwords via the ‘you can reset your password by entering the username’ link.
Most often, after hacking a cPanel account, attackers develop a mailbox for spending spam, upload doorway pages on the server, or develop a subdomain for phishing. Imunify360 is useful for protecting attacks from hackers. With the help of cPanel hooks Imunify360 blocks malicious actions made in cPanel File Manager. Whenever a potential attacker uploads a file Imunify360 will initiate a scan before the file is saved to the actual location.
Read: List of 51 Linux Commands for Beginners
Brute – Force Attack
A brute-force attack is a hacking technique that tries to guess a password or encryption key by systematically trying every possible combination until it finds the right one. Imagine it like trying every key on a keyring until you find the one that opens the lock.
Here’s how it works:
Target selection: The attacker chooses a system or account to target, such as a website login page, an encrypted file, or even a physical lock.
Combination generation: The attacker uses a computer program to generate a massive list of possible passwords or keys. This list could include simple combinations like “password123” or more complex ones like “I<3mydog!”.
Trial and error: The program systematically try each combination from the list against the target system. This can be done very quickly, with millions of attempts per second possible.
Success or failure: If the program guesses the correct password or key, the attacker gains unauthorized access to the system or decrypts the file. If not, the program keeps trying until it finds the right one or runs out of possibilities.
Brute-force attacks are often used to crack weak passwords or encryption with short keys. They can be very effective against simple passwords like those mentioned above, but they become much less effective with longer, more complex passwords that include a mix of upper and lowercase letters, numbers, and symbols.
API Tokens
What are API tokens?
Imagine them as digital keys. Each API, like a virtual vault, has its own set of keys, and tokens are those special ones granted to authorized users (or applications). These tokens prove who you are and what you’re allowed to do within the API.
Why are they used?
Think of usernames and passwords as traditional locks. They work, but sending them around can be risky. API tokens offer a more secure alternative. They’re typically longer, harder to guess, and often expire automatically, making them less vulnerable to theft or misuse.
How do they work?
When you request access to an API, you might be provided with a token. This token is then included in every request you make to the API, acting like a secret handshake verifying your identity and granting you access to specific resources.
Benefits of using API tokens:
- Improved security: Compared to passwords, they’re less vulnerable to phishing attacks and brute-force attempts.
- Granular control: You can grant different tokens with varying levels of access, preventing unauthorized users from accessing sensitive data.
- Convenience: Tokens often last longer than session cookies, reducing the need for frequent logins.
- Automation-friendly: Applications can easily use tokens to connect to APIs without requiring user intervention.
Read: In 2024: cPanel Increases Price for 5th Time in a Row
How to Secure WHMCS/cPanel Account if your account is hacked?
If you come across to hacked accounts then you must change the credentials on the account and also scan the files for malicious code, as well as check the databases. Attackers also develop new accounts for the CMS to upload malicious code through them.
Check below the list of what you need to do after hacking.
Change the cPanel account password. It is suggested to use strong password with a mix of letters (upper and lower case), numbers and symbols, no ties to your personal information, and no dictionary words.
Also, modify the passwords from MySQL and FTP/SSH accounts.
Check files ~/.contactemail and ~/.cpanel/contactinfo for correct email.
Check cron jobs for malicious injects.
Monitor the fraudulent user in CMS (in case of WordPress, this is a table wp_users).
Scan and clean-up files and DB for malicious code. You can scan the database using our solution MDS (Malware Database Scanner).
Check Two-factor Authentication features that will give extra security
2FA: Bolstering Online Security with an Extra Layer
Nowadays, safeguarding sensitive information is the supreme parameter. 2FA offers a potent security measure by requiring two forms of identification during the login process. Compared to single-factor authentication (which often relies solely on passwords), 2FA significantly enhances security, making unauthorized access considerably more challenging.
Types of 2FA:
- Knowledge-Based: Something you know, like a password, PIN, or security question.
- Possession-Based: Something you have, like an authenticator app, security token, or SMS code.
- Inherence-Based: Something you are, like a fingerprint, facial recognition, or iris scan.
Common 2FA Features:
Authenticator Apps (Time-Based One-Time Passcodes, TOTPs): Generate unique codes that change frequently, adding an extra layer of protection.
Push Notifications: Approve login attempts directly on your device with a single tap.
Security Keys (U2F/FIDO): Physical devices that plug into your computer for a highly secure login experience.
SMS Verification: Codes are sent to your phone number for convenient confirmation.
Biometrics: Fingerprint or facial recognition scans add a strong security layer and user convenience.
Final Words
Show the gatecrashers the exit, your cPanel security starts here.
Unwanted visitors sneaking into your cPanel account? It’s time to amp up your security game!
Dive into our latest blog post for practical advice and stay worry-free.
Let’s create a secure digital world together! Find out more by visiting our blog post now.
