1. Security

How to fix cPanel/WHM logouts when using Tor

In this article we will cover how to fix common issue when accessing cPanel or WHM through TOR. cPanel validates cookies session and IP and in case it changes cPanel will force logout the user. Cookie IP validation is used to prevent session hijack, so that attacker cannot access your server if somehow he gets the cookie. In other words server validates that current cookie matches the recorded IP during login.

If you use TOR, your IP can change during the session and this will cause unexpected logout. It can be quite annoying, because you can be interrupted right in the middle of your work task. In this article we will explain how to loosen the security settings of cPanel to allow Tor access.

  • Login to WHM. Find Server Configuration > Tweak Settings
Tweak Settings WHM
Tweak Settings WHM
  • Go to Security tab.
  • Find Cookie IP Validation and set to disabled. By default it’s set to strict, which means the IP recorded in the cookie during initial login should match your current IP. Loose setting means that IPs can be from the same subnet. This will not help in case of Tor.
Disable Cookie IP validation cpanel
Disable Cookie IP validation
  • Save.

After this setting is made, you should be OK accessing cPanel and WHM using Tor. Definitely this setting looses your server security. You can read our previous article how to harden it so that you can balance out the new changes.