BuycPanel Blog

BuycPanel Blog

Latest news and updates

7/21/2015 – How Can I Prevent Hackers from Accessing My Users’ Directories?

Posted by Jamison on 21 07 2015.

It is important to apply permissions on every user’s home directory.  But first, the cPanel domain owner should apply permissions in the cPanel account to avoid hackers from obtaining unwarranted privileges in the server.  As the responsibility of maintaining overall protection and security is with the server administrator, it is important to ensure that the cPanel account has good login credentials and the directories are well protected.

 

First, ensure that you have a strong passcode.  It is your first line of defense against unwarranted entries and malicious hackers.  Below are some of the tips that you could practice when you apply new passcodes:

 

	Avoid using details directly related to your basic identification such as birth date, phone number, real name, user name, or company name
	Change your passcode once in awhile
	It should be significantly different from prior passcodes (e.g., avoid successive entries such as jan2014, feb 2014, etc.)
	Use more than 8 characters
	Use a…

It is important to apply permissions on every user’s home directory.  But first, the cPanel domain owner should apply permissions in the cPanel account to avoid hackers from obtaining unwarranted privileges in the server.  As the responsibility of maintaining overall protection and security is with the server administrator, it is important to ensure that the cPanel account has good login credentials and the directories are well protected.

 

First, ensure that you have a strong passcode.  It is your first line of defense against unwarranted entries and malicious hackers.  Below are some of the tips that you could practice when you apply new passcodes:

 

  • Avoid using details directly related to your basic identification such as birth date, phone number, real name, user name, or company name
  • Change your passcode once in awhile
  • It should be significantly different from prior passcodes (e.g., avoid successive entries such as jan2014, feb 2014, etc.)
  • Use more than 8 characters
  • Use a combination of letters, symbols, and numbers
  • Letters ideally contain both uppercase and lowercase letters
  • Do not “remember” your passcode in browsers

 

Now that you have a strong first line of defense, it is still a good practice to add an extra layer of defense to the directories inside your account.  You may want to limit the extent of viewing inside your account as there may be some directories you do not want the public to have access to.  In this regard, you can password protect your directory.

 

To protect a directory, apply login credentials (username and passcode) for users to log in and view the files.  Please note that granting protection on the folder will also protect the subfolders inside.  To protect the contents of the directory, you can rename it and it will not affect the actual name of the directory.  Users will need to be given access in order to log in and view the protected directory.

 

To password protect your directory, simply follow the steps below:

 

STEP 1: Navigate to the “Security“ Section of your cPanel.

 

STEP 2: Click on the “Password Protect Directories” icon.

 

STEP 3: Select the name of the directory you wish to protect.  If you want to protect a subfolder instead, click on the folder icon next to its name then click the desired subfolder.

 

STEP 4: Check the box “Password protect this directory.”

 

STEP 5: A screen will appear prompting you to configure the folder’s settings.  You may give the directory a different name in the field “Name the protected directory.”  Others will see this when they try to log in.

 

STEP 6: Click Save.

 

STEP 7: To create authorized users for the directory, navigate to the bottom of the page.  Fill in a Username and Passcode and click “Add/Modify authorized user.”

 

You can check if you have successfully protected your directory by relaunching your web browser and viewing the directory.  Your browser should prompt you to log in if you try to click on the directory.