Basic Security Concepts
For WHM version 11.40
Cross-site Request Forgery (XSRF) Attacks
Cross-site request forgeries (XSRF) occur when a malicious user exploits the trust between a website and a user's browser. By exploiting that trust, malicious users can execute unauthorized commands on a website.
XSRF attacks rely on 2 items:
- Access to authentication credentials
- Surreptitious execution of a command via a URL
For more information about XSRF attacks, as well as a few examples, you can visit this Wikipedia page.
We recommend using a cookied authentication method for cPanel & WHM logins. HTTP authentication will not log out of an authenticated session unless the web browser application session is terminated: if HTTP authentication is used, the browser caches the login credentials until the application is terminated. Some browsers provide a method to flush credentials, but this method is not reliable or available in all browsers. When a web browser caches login credentials, they are susceptible to cross-site request forgery (XSRF) attacks.
Due to the inherent weaknesses of HTTP authentication, we recommend disabling it from within WHM.
For more information, please visit our documentation here
Malicious users can steal cookies used in XSRF attacks. Most browsers do not provide any protection to mitigate this attack. This is why we provide an option that allows you to validate the originating IP address as part of the cookie during authentication. On subsequent authentication requests, IP addresses are compared to the original values in their cookies. A mismatched value causes an error and results in a request for re-authentication.
When using validated cookies, it is important to remember to disable proxy access. Accessing interfaces via a proxy domain will cause the IP address for the local host to be recorded (usually ), rendering IP validation useless.
To disable proxy access:
- Access WHM's Tweak Settings interface (Home >> Server Configuration >> Tweak Settings).
- Under the Domains tab on this interface, set the following 2 options to Off:
- Proxy subdomains
- Proxy subdomain creation
- Click Save.
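The IP-validated cookie described above, and the reason a proxy subdomain defeats it, as an added example (this is illustrative code, not cPanel's own implementation; the cookie layout, the `SERVER_KEY` value, the `sess-0001` session id and the IP addresses are all constructed for the demo):

```python
import hashlib
import hmac

# Constructed server-side key for this demo; a real deployment keeps it in protected config.
SERVER_KEY = b"demo-key-not-for-production"


def issue_cookie(session_id: str, login_ip: str) -> str:
    """Issue a session cookie that records the IP seen at login and signs the pair."""
    payload = f"{session_id}|{login_ip}"
    tag = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}|{tag}"


def validate_cookie(cookie: str, request_ip: str) -> str:
    """Return 'ok', 'tampered' or 'ip-mismatch' for a cookie presented from request_ip.

    Anything other than 'ok' should produce an error and a request to re-authenticate.
    """
    parts = cookie.split("|")
    if len(parts) != 3:
        return "tampered"
    session_id, bound_ip, tag = parts
    expected = hmac.new(
        SERVER_KEY, f"{session_id}|{bound_ip}".encode(), hashlib.sha256
    ).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return "tampered"      # the IP field was edited without re-signing
    if bound_ip != request_ip:
        return "ip-mismatch"   # cookie presented from a different address than at login
    return "ok"


def replay_outcome(victim_ip: str, other_ip: str, proxy_ip: str = "") -> str:
    """Simulate a stolen cookie being presented from a second address.

    Without a proxy the application sees each client's real address. With a proxy
    subdomain in front, every client is seen as proxy_ip (the local host), so the
    bound address always matches and IP validation cannot tell the two apart.
    """
    seen_at_login = proxy_ip or victim_ip
    seen_at_replay = proxy_ip or other_ip
    cookie = issue_cookie("sess-0001", seen_at_login)   # constructed session id
    return validate_cookie(cookie, seen_at_replay)


if __name__ == "__main__":
    print("direct:", replay_outcome("203.0.113.10", "198.51.100.7"))
    print("via proxy:", replay_outcome("203.0.113.10", "198.51.100.7", proxy_ip="127.0.0.1"))
```

The signature over the session id and IP is what stops the cookie's recorded address from simply being edited; without it, IP binding would only be a hint. The `replay_outcome` helper makes the proxy caveat concrete: with `proxy_ip` set, both the login and the later request are seen as coming from the local host, so the check returns `ok` for either party.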
Requiring your users to log in via SSL or TLS is a basic way of improving your system's security. If users do not use SSL/TLS (instead using an unsecured connection over ports 2082, 2086, or 2095), then authentication credentials are sent in plain text, making them easy to steal, read, and use again later. As of cPanel 11.25, you can disable logins over ports 2082, 2086, and 2095, forcing your users to use secure (SSL/TLS) connections. Once you have enabled this option in WHM's Tweak Settings interface, users who attempt to use ports 2082, 2086, and 2095 will encounter a page redirecting them to the proper (protected) port.
In addition to the methods listed above, cPanel has also included tokens to help combat XSRF attacks. Tokens are inserted into the URL and are unique to a single login session. Requests made without the appropriate token produce an error and result in a request for re-authentication. This action effectively thwarts XSRF attacks because the attacking URL will not contain the appropriate token.
Security tokens may cause problems with custom scripts and some third-party applications that integrate with cPanel & WHM. We recommend that you verify that third-party applications are compatible with security tokens before enabling them. If you must use applications that are not compatible with security tokens, we strongly recommend using URL referrer checks instead.
URL Referrer Checks
We strongly recommend using security tokens instead of referrer checks. Referrer checks are only dependable when the blank referrer check is enabled, and enabling this will result in an unacceptable number of false positives. However, referrer checks can be used in place of security tokens if you must use third-party applications that are not compatible with security tokens. The HTTP referrer (commonly spelled 'referer') identifies the URL of the page from which a user originated.
If it is not possible to use security tokens on your server, we strongly recommend enabling the following 2 options in your Tweak Settings interface:
- Blank referrer safety check
- Referrer safety check
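The two server-side checks discussed in the last two sections, the per-session URL token and the referrer check with and without the blank-referrer safety check, as one added example. This is illustrative code, not cPanel's own implementation: the `cpsess` prefix is a simplified token format, `SITE_HOST` and the other hostnames are constructed for the demo, and the request paths are placeholders.

```python
import secrets
from urllib.parse import urlsplit

# Constructed hostname for the demo; stands in for the host your users log in to.
SITE_HOST = "whm.example.test"


def new_session_token() -> str:
    """Mint a token that is unique to one login session (prefix is illustrative only)."""
    return "cpsess" + secrets.token_hex(8)


def check_token(request_path: str, session_token: str) -> str:
    """Security-token check: the session's token must be the first URL path segment.

    A URL crafted by another site cannot contain this session's token, so the
    request fails and the user is asked to re-authenticate.
    """
    segments = request_path.lstrip("/").split("/")
    if not segments or not secrets.compare_digest(segments[0], session_token):
        return "reauth"
    return "ok"


def check_referrer(headers: dict, blank_referrer_check: bool) -> str:
    """Referrer safety check, with or without the blank-referrer safety check enabled.

    Returns 'ok' when the request may proceed and 'reauth' when it must not.
    """
    referer = headers.get("Referer", "")
    if referer == "":
        # Without the blank check a missing Referer is accepted. Browsers, privacy
        # extensions and proxies often strip the header, which is both why the blank
        # check is needed for the referrer check to be dependable and why turning it
        # on produces false positives for legitimate users.
        return "reauth" if blank_referrer_check else "ok"
    if urlsplit(referer).hostname != SITE_HOST:
        return "reauth"
    return "ok"


if __name__ == "__main__":
    token = new_session_token()
    print("own link:", check_token(f"/{token}/demo/page", token))
    print("link without token:", check_token("/demo/page", token))
    print("blank referer, check off:", check_referrer({}, blank_referrer_check=False))
    print("blank referer, check on:", check_referrer({}, blank_referrer_check=True))
```

The token comparison uses a constant-time compare so that the check does not leak how many leading characters of the token matched. The referrer function shows the trade-off the text describes: with `blank_referrer_check=False` a request with no Referer header is waved through, and with it set to `True` every such request, legitimate or not, is sent back to the login page.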
Weak passwords provide little protection against brute force attacks. Brute force attacks occur whenever a malicious user attempts, by trial and error, to guess the password for a specific account. This process is most often automated, running off of a preexisting dictionary. WHM provides an interface that allows you to specify the minimum password strength your cPanel users are permitted to use. We strongly recommend a value of 50.
The minimum password strength requirement only applies to passwords created and modified by the cPanel product. The feature does not configure PAM to enforce the requirements. Thus, a user with shell access may be able to change his password to a weaker one using the passwd