Check Access Logs for website

Typically on a cPanel host your access logs are kept in

/usr/local/apache/domlogs/username/incredigeek.com

Where username is your cPanel username and incredigeek.com is your website.

To view the logs you can use tail -f to follow the log.

tail -f /usr/local/apache/domlogs/username/incredigeek.com

You can also use grep to search the logs.

grep "text to search" /usr/local/apache/domlogs/username/incredigeek.com

cPanel custom Dovecot Query to delete email

In cPanel under an email account you can Free up Email Storage. There is a Custom query field which allows you to specify a custom Dovecot query to run. Couple examples below.

Delete email from email address

from sent@email.com

Email that contains a specific string in the message body

body "string to match in message body"

Other useful info
https://wiki2.dovecot.org/Tools/Doveadm/SearchQuery

cPanel/WHM – Apache SpamAssassin add Domain to Blacklist or Whitelist from SSH Command Line

The domains are stored in the “~/.spamassassin/user_prefs” config file.

To blacklist a domain just add it to the config file.

blacklist_from *.domain_to_block.com

To whitelist, change blacklist to whitelist

whitelist_from *.incredigeek.com

Save and exit the file.

Allow WHM/cPanel ssh logins from specific IP addresses using iptables

For some reason the hosts.allow and hosts.deny files don’t seem to work on cPanel.  One of the alternative methods to limit ssh logins to specific addresses is to use iptables.

Allow access from specific IP addresses. 

Replace 192.168.1.0/24 and 192.168.0.0/24 with your addresses.  You can add more addresses using the “,”.  Also if your ssh port is not the default port, be sure to change it.

iptables -A INPUT -s 192.168.1.0/24,192.168.0.0/24 -p tcp --dport 22 -j ACCEPT

Reject access from everywhere else

iptables -A INPUT -s 0.0.0.0/0 -p tcp --dport 22 -j REJECT

You can see your rules with

 iptables -L --line-numbers

If you need to add another rule after the fact, you’ll need to make sure that it is above the REJECT rule. you can use the “-I” to insert it between rules.

Example: inserts rule as the second rule in the INPUT chain

iptables -I INPUT 2 -s 192.168.42.0/24 -p tcp --dport 22 -j ACCEPT

Add, List, and Delete iptable rules

Add iptable rule

The following rule rejects access to port 22 on all devices except ones on the 192.168.1.0/24 network.  Note the “!”.  This command can be useful for a WHM/cPanel server to limit ssh access.

iptables -A INPUT ! -s 192.168.1.0/24 -p tcp --dport 22 -j REJECT

List iptable rules with line numbers

iptables -L --line-numbers

Example output

root@localhost [~]# iptables -L --line-numbers
Chain INPUT (policy ACCEPT)Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
1 REJECT tcp -- !192.168.1.11 anywhere tcp dpt:ssh reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT)
num target prot opt source destination

Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT tcp -- anywhere anywhere multiport dports smtp,urd,submission owner GID match mailman
2 cpanel-dovecot-solr all -- anywhere anywhere

Chain cpanel-dovecot-solr (1 references)
num target prot opt source destination
1 ACCEPT tcp -- anywhere anywhere multiport sports 8984,7984 owner UID match cpanelsolr

Remove iptable rule

To delete a rule use the -D option with the Chain and the line number.  So to delete the first rule in the example output above, we would specify the INPUT chain and the the line number 1

 iptables -D INPUT 1