Dev {Tricks}

You are here: Home / Server and Hosting / Web Control Panel / CentOS Web Panel / How to secure CWP (CentOS Web Panel)

by

How to secure CWP (CentOS Web Panel)

CWP (CentOS Web Panel) is powerful but not secure by default. If you leave it as-is, it will get attacked.

Here’s a practical hardening guide:

πŸ”’ 1. Change Default Ports (VERY IMPORTANT)

CWP runs on:

  • 2030 (HTTP)
  • 2031 (HTTPS)

πŸ‘‰ Bots scan these ports constantly.

Change it:

Edit config:

vi /usr/local/cwpsrv/conf/cwpsrv.conf

Change:

listen 2031 ssl;

➑️ Example:

listen 2087 ssl;

Then restart:

service cwpsrv restart

πŸ” 2. Enable Firewall (CSF) Properly

CWP comes with CSF (ConfigServer Firewall)

Go to:
πŸ‘‰ CWP β†’ Security β†’ CSF Firewall

Recommended:

  • Enable TESTING = 0
  • Enable:
    • SYN Flood Protection
    • Port Scan Tracking
    • Connection Tracking

Allow only needed ports:

22 (SSH)
80 (HTTP)
443 (HTTPS)
YOUR NEW CWP PORT

🚫 3. Disable Root Login (SSH)

Edit:

vi /etc/ssh/sshd_config

Change:

PermitRootLogin no

Restart:

systemctl restart sshd

πŸ‘‰ Create a sudo user instead.

πŸ”‘ 4. Use SSH Key (No Password Login)

vi /etc/ssh/sshd_config

Set:

PasswordAuthentication no

πŸ‘‰ This alone blocks 90% of brute-force attacks.

🧱 5. Enable ModSecurity + OWASP Rules

Go to:
πŸ‘‰ CWP β†’ Security β†’ ModSecurity

Enable:

  • ModSecurity = ON
  • OWASP rules = ON

πŸ‘‰ Protects against:

  • SQL injection
  • XSS
  • common exploits

🌍 6. Restrict CWP Access by IP (BEST MOVE)

If only you use the panel:

Allow only your IP:

In CSF:

csf -a YOUR_IP

Then block panel port for others.

πŸ‘‰ This is one of the strongest protections.

πŸ”„ 7. Keep System Updated

yum update -y

And update CWP:

sh /scripts/update_cwp

πŸ›‘οΈ 8. Install Fail2Ban (Extra Layer)

yum install fail2ban -y
systemctl enable fail2ban
systemctl start fail2ban

πŸ‘‰ Protects:

  • SSH
  • login brute force

πŸ” 9. Secure PHP & Disable Dangerous Functions

Edit php.ini:

vi /usr/local/php/php.ini

Disable:

exec,passthru,shell_exec,system,proc_open,popen

πŸ“‚ 10. Fix File Permissions

chmod 755 /home/*
chmod 644 public_html files

πŸ”’ 11. SSL for Panel

Make sure you use:

https://your-ip:PORT

πŸ‘‰ You can install Let’s Encrypt inside CWP panel.

🚨 12. Change Default Login URL (Optional but smart)

Use firewall rules to restrict /login access or proxy it.

πŸ’‘ Bonus (Highly Recommended)

  • Disable unused services:
systemctl disable ftp
  • Remove unused PHP versions
  • Monitor logs:
/var/log/secure

βœ… Minimum Must-Do Checklist

If you do nothing else, do these 5:
βœ” Change port
βœ” Enable CSF firewall
βœ” Disable root SSH
βœ” Use SSH key
βœ” Restrict IP access

 

 

Post Views: 3

Hire Me!

  • Upwork
  • Freelancer
  • Fiverr
  • Guru