How to disable cPanel URLs

Tabrez Ahmed picture Tabrez Ahmed · Feb 2, 2012 · Viewed 27.9k times · Source

I use cPanel for hosting my website. I have noticed that if anyone who visits my website happens to be a web developer, he can always reach my cPanel Login page via mydomain.com:2082, mydomain.com/cpanel, etc.. It is better to not let the visitors know what control panel I use. I want to disable these URLs. To myself log in to cpanel, I will use the alternate URL provided by my Web Host which is something like a.myhost.com/cpanel.

As a work around, I also changed the main domain and added my main website as an addon domain. But even that didn't work and addondomain.com:2082 and addondomain.com/cpanel showed up the cpanel login and I was able to login there using cpanel username and password.

Please help me hide these pages from the public world. At least addondomain.com:2082 or addondomain.com/cpanel should throw a 404(preferable) or 403 or anything.

I use cPanel 11/x3.

Even my hosting provider is not able to help me with this. Anybody who know anything about this, or implemented this, please help me.

Thanks in advance....

Answer

pl1nk picture pl1nk · May 15, 2012

Changing default cPanel port.

The cPanel port can be changed in /var/cpanel/cpanel.config file.

Just change port=2082 (located in the config file) to anything else.

Then running the following commands for the changes to take effect.

/usr/local/cpanel/whostmgr/bin/whostmgr2 --updatetweaksettings
/etc/init.d/httpd restart

Changing/removing default cPanel URLs.

For the /whm and /cpanel urls, remove/change these lines or similar matched lines located on the /usr/local/apache/conf/httpd.conf file:

 ScriptAliasMatch ^/?cpanel/?$ /usr/local/cpanel/cgi-sys/redirect.cgi
 ScriptAliasMatch ^/?webmail/?$ /usr/local/cpanel/cgi-sys/wredirect.cgi
 ScriptAliasMatch ^/?whm/?$ /usr/local/cpanel/cgi-sys/whmredirect.cgi

Then run the following commands for the changes to take effect.

 /usr/local/cpanel/bin/apache_conf_distiller --update
 /scripts/rebuildhttpdconf
 /etc/init.d/httpd restart

Source and more info