March 14, 2019 / Nirav Shah
Abstract
Here, we will see the ports that need to be configured for WHM to function properly, with a brief note on each. This is a continuation of our previous blog post on How to Migrate WHM From Third Party Providers to AWS, where we showed the steps to install WHM on an EC2 server. In this blog post we will show the steps that you need to take in order to make your WHM secure without losing any of its functionality.
Here is an exclusive list of ports and the required protocols and layers on which they need to be open at the time of writing this AWS technology blog.
PORT | SERVICE | TCP | UDP | Inbound | Outbound | Localhost | Notes |
---|---|---|---|---|---|---|---|
1 | CPAN | YES | YES | “Show Available Modules” option in cPanel’s Perl Modules interface (cPanel >> Home >> Software >> Perl Modules) uses this port to improve the speed in which it appears. | |||
20 | FTP | YES | YES | YES | Instead of FTP, we recommend that you use the more secure SFTP via SSH. | ||
21 | FTP | YES | YES | YES | Instead of FTP, we recommend that you use the more secure SFTP via SSH. | ||
22 | SSH | YES | YES | You must open this port before you use WHM’s Transfer Tool interface (WHM >> Home >> Transfers >> Transfer Tool). Afterwards, open this port only for private access from your own IP, as keeping it open to the world is a big security risk. | |||
25 | SMTP | YES | YES | YES | |||
26 | SMTP | YES | YES | YES | cPanel & WHM only uses this port if you specify it in WHM’s Service Manager interface (WHM >> Home >> Service Configuration >> Service Manager). | ||
37 | rdate | YES | YES | ||||
43 | whois | YES | YES | ||||
53 | bind | YES | YES | YES | YES | cPanel & WHM only uses this port if you run a public DNS server. | |
80 | httpd | YES | YES | YES | This port serves the HTTP needs of services on the server. We strongly recommend that you encourage your users to use port 443, which uses the more secure SSL/TLS security protocol. | ||
110 | POP3 | YES | YES | ||||
113 | ident | YES | YES | ||||
143 | IMAP | YES | YES | ||||
443 | httpd | YES | YES | YES | This port serves the HTTPS needs of services on the server. | ||
465 | SMTP,SSL/TLS | YES | YES | YES | YES | ||
579 | cPHulk | This port should only accept connections on the 127.0.0.x IPv4 address. Your system does not require that this port accept external traffic. | |||||
783 | Apache SpamAssassin™ | YES | YES | YES | |||
873 | Rsync | YES | YES | YES | |||
993 | IMAP SSL | YES | YES | ||||
995 | POP3 SSL | YES | YES | ||||
2703 | Razor | YES | YES | Razor is a collaborative spam-tracking database. For more information, visit the Razor website. | |||
2077 | WebDAV | YES | YES | YES | cPanel’s Web Disk interface (cPanel >> Home >> Files >> Web Disk) uses these ports. | ||
2078 | WebDAV SSL | YES | YES | YES | |||
2079 | CalDAV and CardDAV | YES | YES | YES | cPanel’s Calendars and Contacts interface (cPanel >> Home >> Email >> Calendars and Contacts) uses these ports. | ||
2080 | CalDAV and CardDAV (SSL) | YES | YES | YES | cPanel’s Calendars and Contacts interface (cPanel >> Home >> Email >> Calendars and Contacts) uses these ports. | ||
2082 | cPanel | YES | YES | To disable logins via this port and only allow SSL logins, set the “Choose the closest matched domain for which that the system has a valid certificate when redirecting from non-SSL to SSL URLs” option (formerly known as “Always redirect to SSL/TLS”) to On in WHM’s Tweak Settings interface (WHM >> Home >> Server Configuration >> Tweak Settings). This will redirect users to secure ports with the /cpanel, /whm, and /webmail aliases. | |||
2083 | cPanel SSL | YES | YES | ||||
2086 | WHM | YES | YES | To disable logins via this port and only allow SSL logins, set the “Choose the closest matched domain for which that the system has a valid certificate when redirecting from non-SSL to SSL URLs” option (formerly known as “Always redirect to SSL/TLS”) to On in WHM’s Tweak Settings interface (WHM >> Home >> Server Configuration >> Tweak Settings). This will redirect users to secure ports with the /cpanel, /whm, and /webmail aliases. | |||
2087 | WHM SSL | YES | YES | ||||
2089 | cPanel Licensing | YES | YES | You must open this port in order to contact the cPanel license servers. | |||
2095 | Webmail | YES | YES | To disable logins via this port and only allow SSL logins, set the “Choose the closest matched domain for which that the system has a valid certificate when redirecting from non-SSL to SSL URLs” option (formerly known as “Always redirect to SSL/TLS”) to On in WHM’s Tweak Settings interface (WHM >> Home >> Server Configuration >> Tweak Settings). This will redirect users to secure ports with the /cpanel, /whm, and /webmail aliases. | |||
2096 | Webmail SSL | YES | YES | ||||
2195 | APNs | YES | YES | cPanel & WHM only uses this port for the Apple® Push Notification Service (APNs). For more information, read our How to Set Up iOS Push Notifications documentation. | |||
3306 | MySQL® | YES | YES | MySQL uses this port for remote database connections. | |||
6277 | DCC | YES | YES | YES | |||
24441 | Pyzor | YES | YES | YES |
These are the ports and protocols that generally need to be opened for the WHM server, and all the different services it provides, to function properly. If you face any connectivity issues or service failures, go through this list and audit your security-group configuration to check whether any port was denied access.
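One way to run that audit against a security group's inbound rules, as an added example that is not part of the original post. It encodes the notes from the table for ports 22, 579 and the non-SSL login ports; the `EXPECTED` set, the sample rules and the TCP-only check are assumptions to adjust for the services you actually run.

```python
import ipaddress

# From the page's Notes column: 22 only from your own IP, 579 never external,
# and 2082/2086/2095 are the non-SSL logins paired with 2083/2087/2096.
OWN_IP_ONLY = {22}
NO_EXTERNAL = {579}
PLAINTEXT_TO_SSL = {2082: 2083, 2086: 2087, 2095: 2096}
# Assumption: inbound TCP ports this server must expose; adjust to your services.
EXPECTED = {80, 443, 2083, 2087, 2096}

def covers(perm, port):
    """True if an IpPermissions entry allows TCP traffic to `port`."""
    if perm["IpProtocol"] == "-1":  # "-1" means all protocols and all ports
        return True
    return perm["IpProtocol"] == "tcp" and perm["FromPort"] <= port <= perm["ToPort"]

def world_open(perm):
    """True if the entry allows 0.0.0.0/0 or ::/0 as a source."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return any(ipaddress.ip_network(c, strict=False).prefixlen == 0 for c in cidrs)

def audit(perms):
    """Return findings for a list of inbound rules (IpPermissions entries)."""
    findings = []
    for port in sorted(OWN_IP_ONLY):
        if any(covers(p, port) and world_open(p) for p in perms):
            findings.append(f"port {port}: open to the world, restrict to your IP")
    for port in sorted(NO_EXTERNAL):
        if any(covers(p, port) for p in perms):
            findings.append(f"port {port}: must not accept external traffic")
    for port, ssl in sorted(PLAINTEXT_TO_SSL.items()):
        if any(covers(p, port) for p in perms):
            findings.append(f"port {port}: non-SSL login exposed, use {ssl}")
    for port in sorted(EXPECTED):
        if not any(covers(p, port) for p in perms):
            findings.append(f"port {port}: no ingress rule, service unreachable")
    return findings

# Constructed sample in the shape of `aws ec2 describe-security-groups` IpPermissions.
SAMPLE = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 2082, "ToPort": 2087, "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},
]

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```

To audit a live group, pass in the `IpPermissions` list from the JSON output of `aws ec2 describe-security-groups` for that group.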
FAQs:
1. What is the default setting of a security group in AWS?
2. What is a port in the security group?
3. How many security groups does an instance have?
As a Director of Eternal Web Private Ltd, an AWS consulting partner company, Nirav is responsible for its operations. AWS, cloud computing and digital transformation are some of his favorite topics to talk about. His key focus is to help enterprises adopt technology and solve their business problems with the right cloud solutions.