Overview
To keep our infrastructure robust and to avoid any potential security or data breach we have set some access limitations to the cPanel server environment for both incoming and outgoing.
Services that are Allowed:
Inbound services Allowed
-
FTP
-
SMTP / SMTPS
-
HTTP / HTTPS
-
IMAP / IMAPS
-
POP3 / POP3S
-
WebDAV
-
CalDAV / CardDAV
-
cPanel access
-
WHM Access
-
Webmail
Outbound services Allowed
-
FTP
-
SMTP/SMTPS
-
MySQL
Services that are Blocked:
Inbound services Blocked
-
MySQL
-
Telnet
-
NTP
-
Kerberos
-
SSH / SFTP
Outbound services Blocked
-
POP3 / IMAP both standard and secure socket.
-
Telnet
-
NTP
-
Kerberos
cPanel Email restrictions
- SMTP Email Ratelimit / Account / Hour 100
- SMTP Email Ratelimit / Account / DAY 500
- SMTP EMail Ratelimit / DOMAIN / Day 2500
- POP3 Logins / Hour 80
Firewall limits
- POP3 Logins / Hour 80
- IMAP Logins / Hour Unlimited
- Failed login limit * 15
- Connection tracking Limit ** 10
- Connection Tracking Ports ** Port 25 (SMTP)
'*' When the number of failed login limit is reached, the source IP address will be blocked.
‘**’ When the connection limit is reached, the source IP is blocked for one hour.
General Restrictions
-
xmlrpc.php is blocked at the web server level
This mitigates a lot of incoming abuse against Wordpress installations.