The World Wide using 100 billion emails get sent each day. We using emails out-of-office alerts to heavily private account information and billing related summaries gets transferred across servers, web and from person to person. And while we expect the things we send and deliver to remain protected and secured, we know that that email isn’t always the case. There are various ways to emails can be compromised, however, there are also a number of things that you can do, as a hosting provider, to prevent email abuse on your cPanel & WHM server. Here are a few of our easy-to-administrator tips.

Step 1- Increase the Character Count on Email, cPanel or WHM Passwords

We all know….well, we all should know the difference between a secure password and an insecure one:

Less secure Password : rahi1234

More secure Password : !13%1b3e6tre221

Secure password Generating tool

With that in mind, ensuring your mail account holders are using secure passwords is one of the very simplest ways to protect their information. While capitalization, symbol usage, and spelling all factor into password security, as a hosting provider, you can set a character minimum to ensure that all of your users have a base level of protection.

Step 2- Enable cPHulk Brute Force Protection

Now we going to learn about enabling the cPHulk Brute Force Protection on your VPS (Virtual Private Server) or dedicated server, for protect your server from bad login attempts.

cPhulk interface allows you to configure cPHulk, a service that provides server level protection for your server against brute force login attacks. A brute force attack is a hacking method that uses an automated system to guess the password to your web server or web services or hacking you email accounts data.

When cPHulk blocks an IP address or account, it does not identify itself as the source of the block. Instead, the login page displays the following warning message: The login is invalid.

Important: We strongly recommend that you add your own IP address or addresses to the whitelist to avoid a lockout of the root user account.

Now Let’s Start to Enable cPHulk Brute Force Protection

Log into WHM as the root user.

Type in cphulk in the Find box at the top-left, then click on cPHulk Brute Force Protection.

cphulk-openIf you’d like to use the default settings, simply click on Enable at the top.

cphulk-configurationYou can modify the options in the Configuration Settings tab to adjust how cPHulk will handle blocking IPs, here are the defaults and what they do:

IP Based Brute Force Protection Period in minutesHow long in minutes cPHulk will deny login attempts from a certain IP address.
Brute Force Protection Period in minutesHow long in minutes an IP address needs to hit its max failures within to start blocking.
Maximum Failures By AccountOnce an account hits this limit, the entire account will be denied further login attempts.
Maximum Failures Per IPOnce an IP address hits this limit, that IP address will be denied further login attempts.
Maximum Failures Per IP before IP is blocked for two week periodOnce an IP address hits this limit, it will be blocked for two weeks.
Send a notification upon successful root login when the IP is not whitelistedDisabled by default, you can send yourself an email anytime there is a root login from an IP address not in your whitelist.
Extend account lockout time upon additional authentication failuresEnabled by default, if an IP address get blocked, and continues to try to login, each time they do it will extend their lockout time.
Send notification when brute force user is detectedDisabled by default, you can send yourself an email anytime a brute force attempt is detected.

Step 3- Enable SMTP Restrictions

All online activity happens through a series of rules called protocols. For mail, SMTP, or Simple Mail Transfer Protocol, is the system that allows mail to leave one mail server and get delivered directly to another machine.

With SMTP Restrictions, a feature you can enable straight from WHM,  you can prevent spammers from directly interacting with your remote mail servers or even working around your mail security settings.

There are, of course, many more ways you can up the security on your mail server and protect your customers.

Spammers commonly attempt to work around mail security settings by interacting directly with remote mail servers. WHM’s SMTP Restrictions can prevent users from doing so. You can access this feature in two locations:

Let’s Start to Enable SMTP Restrictions.

Click Enable to deny users the ability to bypass your mail server to send mail. To allow users the ability to bypass your mail server, click Disable.

Home >> Server Configuration >> Tweak Settings, under the Mail Tab as Restrict outgoing SMTP to root, exim, and mailman.

Home >> Security Center >> SMTP Restrictions

Enabling this setting restricts outgoing email connection attempts to the mail transfer agent (MTA), the mailman system user, and the root user. Ultimately, this forces both scripts and users to use Exim’s Sendmail binary, rather than directly accessing the socket.

NOTE: Prior to version 11.32, this feature would simply block any attempt to connect to a remote mail server. Starting with cPanel & WHM 11.32, the software redirects the outgoing connection attempt to the local mail server.

Thats it Thank you for watching…