cPanel is the interface that all our clients use in order to manage a shared hosting account. This document will provide a very basic overview of the available options to help you obtain an idea of what is available and how to make use of it. For a more complete document on cPanel, see http://www.cpanel.net/docs/cpanel/
To get to cPanel, you will simply go to http://cpanel.yourdomain.com (replace “yourdomain” with your own domain name). This will take you to the login screen.
Enter in your username and password. These were included in your initial setup instructions e-mail.
In order to logout securely, click the Logout button which is located at the top right of the screen. You will then see the logout screen.
This will list the IP address from which the last login took place as well as provide you a link to log directly back in.
This section will contain all of your general account settings such as language, themes, password and contact info, etc.
One of the biggest perks of this section is the Getting Started Wizard. This works like any other getting started wizard you have seen. It will take you through basic steps to get your account setup and running. Here is a list of the settings it has you configure as well as sections of information it has for the user:
- Introduction to Web Hosting
- How your site works – File structure
- Uploading files
- File Manager
- Web Disk
- FTP account
- Setup and access Web Disk
- Setup e-mail account
- Mail client configuration
- Setup default/catchall address
- Contact information and preferences
- Set style/theme
- Manage SSH keys
This area contains a link to all the Video Tutorials available in cPanel. These videos can either be accessed through this section or by going to the relative section in cPanel and clicking on the Video Tutorial button.
The Change Password section contains a strength meter where it tests the password you put in and will not let you change the password to something that is too weak. This will help you maintain stronger passwords which will minimize the chance of someone guessing your password. It also contains a password generator that will automatically generate a strong password and then suggest that your write the password down in a safe place so that you don’t forget it in the future.
In the Contact Information and Preferences area it allows you to add a second e-mail address to your account that will receive notifications along with the primary address. It also lets you choose if you would like notifications for when you are nearing your disk quota, nearing your bandwidth quota, or when an e-mail account is nearing its quota.
This section also contains a Shortcuts section where you can drag links they provide to your desktop to become shortcuts to either access cPanel or cPanel Webmail.
In this area you can setup your E-mail Accounts. This will have the same password strength meter and generator as appears in the overall password change section. It will also list all your current e-mail users and have direct links to Webmail for each one. The default e-mail address, or catch-all address, can also be defined in this section.
The Webmail section will provide a link to a secure webmail login page that contains links to either Horde, SquirrelMail, or RoundCube. You can choose whichever webmail client you like as well as set a default such that you don’t have to choose every time. It also provides links to BoxTrapper and instructions on how to setup an e-mail client. One possible troubleshooting tool, or at least an information tool, is the e-mail Delivery Route tool. This will show the steps the mail server will take in order to send to any e-mail address you enter in. This can be used to ensure it will send to the correct place.
BoxTrapper is an application that forces all people not listed in a user’s whitelist to reply to a verification e-mail before sending to you. This will help prevent spam but will also require the user to continuously be aware of the contents of their BoxTrapper Queue to ensure they are receiving legitimate e-mail.
The Mail section provides a link to setup SpamAssassin. Inside this link the user can disable or enable SpamAssassin as well as set the required hits score and decide if they want the spam e-mails automatically deleted. You can also jump into the Configure SpamAssassin area where you can enter e-mail addresses into the blacklist or whitelist as well as define your required hits value and assign scores to a given test. So if you want a certain test to score higher or lower than the default value, you can define it here.
When you first enable SpamAssassin, it will show you information on how it was enabled. The part of highest interest, I believe, is the part where it shows you the tests that it runs as well as the scores it assigns to each test. It will show similar to this:
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 MISSING_MID Missing Message-Id: header
2.2 FH_FROMEML_NOTLD E-mail address doesn't have TLD (.com, etc.)
0.0 MISSING_DATE Missing Date: header
-0.0 NO_RELAYS Informational: message was not relayed via SMTP
1.6 MISSING_HEADERS Missing To: header
1.3 MISSING_SUBJECT Missing Subject: header
-0.0 NO_RECEIVED Informational: message has no Received headers
0.0 NO_HEADERS_MESSAGE Message appears to be missing most RFC-822 headers
You can use this information to assign the scores you want to each of those tests inside the Configure SpamAssassin area.
Within the Forwarders section a client can choose to forward a single address for a single domain name or you can choose to forward all addresses for a single domain name. When you choose to forward just a single address, you can opt to have it forwarded, have it discarded with a customized message sent back to the sender, or piped to a program.
The Auto-responder section allows the client to setup an auto-responder for any of the users on the account. You can specify the From address for the response as well as the subject line and content. It will even allow you to respond with an HTML message.
The client can choose to set a Default Address if you want. You will define this on a domain level so you can choose a different default address for each domain. This address will act as a catch-all alias and will catch all e-mail sent to any nonexistent user on the account under that domain. Catch-all addresses typically gather lots of spam and are not recommended.
The user can decide to discard e-mails sent to the default address with an error message sent back to the sender, forward these e-mails to another address, discard them altogether, or pipe them to a program.
Under the Mailing Lists section a client can setup new mailing lists. It will simply ask you for the name of the list, the password you want on it, and under which domain you would like it. After you create the list, you can click on the Manage button to the right of the list and it will take you into the MailMan control panel where you can manage the list and its users.
Inside the User Level Filtering section a client can define rules on a user level. There are quite a few customizations that can take place in this section so it can be very useful for many clients. Clients can filter by From address, Subject line, SpamAssassin rating, and many more. After you choose the rule you want, you can choose what you want done with the e-mail. This would include discarding the message, redirecting it, deliver to folder, pipe to program, etc. After the filter is all setup, you can run a Filter Test where you can enter in a mock message and test to ensure the filter is working as you desire.
There is also a Account Level Filtering section that will provide the same functionality as the User Level Filtering section but it will filter on an account level rather than a user level.
The e-mail Delivery Route option will allow the client to enter in an e-mail address to see the route the server will take in order to deliver the e-mail to the address entered in. This tool can be used in troubleshooting to ensure the e-mail is being sent to the correct place or can just be used as an informational tool.
A tool that will be very useful for any client that has a large number of e-mail addresses and/or forwarders is the Import Addresses/Forwarders tool. This allows the client to import any number of addresses or forwarders from a spreadsheet or CSV (Comma Separated Values) sheet. These can be delimited by any character and are just plain text files with a .csv extension. This section also has example spreadsheet and CSV files that the client can use as a model for their own. To get to these, just click the help button.
From there you will click the relevant download button and use it as a model.
In the e-mail Authentication section the client can setup SPF records and Domain Keys. The server will generate and install Domain Keys for them but the client can choose to customize the SPF record if you so choose. Otherwise the server generates a raw record and implements that.
Under the MX Entry section a client can customize the MX record for each domain individually. There is an option to “Always accept mail locally even if the primary mx does not point to this server” which can be used if you want e-mails sent locally to remain on the server rather than going to the server your MX record specifies. Leaving this unchecked is the equivalent of installing a stickyhost which will ensure that all e-mail sent, even if to a local address, gets forwarded to the MX server specified. Clients can also specify a secondary, or backup, e-mail server that e-mail will be delivered to in the event the primary server goes down.
The Backups section can be used to download a copy of the entire site (the home directory, databases, e-mail forwarders configuration, e-mail filters configuration) or just one of the above mentioned sections. It will download a tar.gz or .gz file that can be uploaded through the same screen at any time to restore from that backup. The e-mail configurations can be downloaded on a domain by domain basis and the databases will be backed up one by one unless the Full Web Site Backup option is chosen, in which case the entire site will be backed up. You can choose to store the full backup in your home directory or copy to another server via FTP or SCP.
The Backup Wizard provides a simpler solution for completing the tasks listed in the above section.
The File Manager provides an FTP like web client that can be used to edit, upload, and download files, etc. It provides the option to “FTP” into any of a number of separate directories, including the Web directories for each domain on the account. There will be an option to show hidden files in the File Manager so that will make it handier for clients. Once you login, you can make use of a plain text editor, a code editor, or an HTML editor depending on what you are wanting to do.
The Web Disk is setup to allow a user to navigate through files just as you navigate files on your home machine. It will provide you a drag and drop capability.
The Disk Space Usage section can be very useful when a client wants to know where space is being taken up. You can open this utility up and it will provide a graph of exactly how much space each folder takes up as well as a further breakdown.
The FTP Accounts section is pretty straightforward. In here you can create new FTP users and define which directory you would like them to have access to.
Within the FTP Session Control section, a client can see who is currently logged on via FTP and terminate any unwanted connections that may exist.
Within the Anonymous FTP section, a client can choose to allow anyone to login to their account anonymously as well as define a message that will be sent to any visitors that make use of this functionality.
The Logs section provides a number of different tools for gathering statistics and information regarding Web traffic. The Latest Visitors is a very simple interface in which a user can view the last 300 people to view their site. It just splits up the access log for the chosen domain so it will show the HTTP Code, Date of access, HTTP Version, Size downloaded, Referrer information, and the Agent used to access the Web site.
The Bandwidth section is nice because it will split up your overall bandwidth usage for the day, month, and year. This allows clients to track their bandwidth usage over time to monitor traffic patterns as well as ensure nothing is awry.
Webalizer provides detailed statistical information regarding Web site traffic. It is also possible to choose which domain for which you want to view the statistics.
Webalizer FTP is the same as above only it provides this information in regards to the FTP protocol rather than the HTTP protocol. This will only function if FTP logs have been enabled on the account.
Inside the Raw Access Log section, a client can choose to download a zipped version of the access log for a specific domain as well as make basic configuration changes in regards to archiving old logs. You can also choose to download any previously archived logs from this section.
Analog Stats is a lightweight statistics application that keeps basic information about Web site traffic on a month-to-month basic. This also splits up the information by domain name, and then again by month.
The Error Log section provides access to the last 300 lines of the error log on the account and can be used in troubleshooting issues or just periodically checking to ensure everything is as it should be.
The Choose Log Programs area will allow a client to choose which applications will keep data for which domain names, be it Analog, Awstats, or Webalizer.
Awstats provides in depth statistics about a given domain’s Web traffic.
The Password Protect Directories section allows you to setup passwords on any directory you like as well as setup multiple users to access said folder.
Within the IP Deny Manager, a client can choose to block a single IP address from accessing a site, or a range of IPs. It can take the request in a number of formats, all of which are listed on the page with examples.
The SSL/TLS Manager allows you to generate, view, upload, or delete a server key, CSR, or CRT file. It allows you quite a bit of control over their SSL certificate and will even allow you to choose between and 1024 bit and 2048 bit key.
Under the SSH/Shell Access section, a client can setup and manage their SSH keys (using either RSA or DSA encryption algorithms) as well as make use of Java based SSHTerm which does not require downloading or installing any software.
The HotLink Protection area provides a way in which clients can prevent other sites from directly linking to files, therefore stealing bandwidth. It provides a number of options such that you can choose which domains can hotlink and which files cannot be hotlinked, as well as whether or not you would like to put a redirect in place in the event someone attempts to hotlink to one of the specified files.
Leech Protection can be used to limit the number of logins from a single user within a period of time. This can help ensure their login information has not been compromised in any way. Once this limit is reached, a choice can be made between blocking the user, sending off an e-mail notification, or redirecting the leech user to another page.
From within cPanel: “GnuPG is a publicly available encryption scheme that uses the "public key" approach. With GnuPG, messages are encrypted using a "public key" however, they can only be decrypted by a "private key", which is retained by the intended recipient of the message.” It can be used to encrypt data and create digital signatures.
This area allows you to create Subdomains, add Domains, add a Parked Domain, or setup a 301 Redirect. You can also choose to redirect the subdomain, domain, or parked domain to another URL. You can also make use of a 301 (or 302) generator that will setup the redirect in a .htaccess file.
The MySQL Databases section allows clients to create new databases as well as modify existing databases by utilizing the Check DB or Repair DB utilities. Clients can also setup new MySQL users on this screen and assign them to specific databases and customize the specific permissions to your needs.
The MySQL Database Wizard provides a simple walk-through process to accomplish the above.
phpMyAdmin simply provides a link to access phpMyAdmin where clients can view, edit, and create new databases and database users.
Under the Remote Database Access Hosts section, a client can specify which hosts can connect remotely to their databases.
The CGI Center provides clients a number of pre-installed scripts that can be handy for small tasks. For example, it provides a Counter script, a CGI e-mail script that will e-mail the contents of an HTML form to a specified address, a Countdown script, a Search Engine, etc.
The Site Software section provides a place for you to update your software as updates become available. You can choose to receive a notice when these become available.
The Perl Modules area allows you to install any Perl module you may need. It provides a list of available modules as well as ones that are already installed.
The PHP Pear Packages section provides a place for you to install a PHP extension of application. It provides a list of available extensions and applications as well as ones that are already installed.
Within the PHP Configuration section, you will find a list of PHP configuration settings that can be changed by an administrator. The list is provided for reference only.
The Applications section links to an application call Installatron which is used as an installer for all site applications such as phpBB, Drupal, PHPlist, CubeCart, etc.
The Apache Handlers area provides you with the ability to setup custom Apache handlers to fit your own needs. To learn more about Apache handlers, use the following:
One section that can be extremely helpful to you is the Image Tools section. This allows you to view a thumbnail version of all the images you have in a given directory as well as rescale them if needed. You can also choose to change the format of the image between jpg, gif, bmp, etc.
Within the Index Manager, you can choose to turn on Indexing for specific directories on their account and can choose how the indexes are viewed (either Standard or Fancy). This is the equivalent of using ‘Options +Indexes’ in a .htaccess file.
You can choose to define custom error pages on a specific domain within the Error Pages section. It provides easy-to-use tools to aid you in customizing your error pages by adding information like the visitor’s IP address, server name, redirect status code, etc.
The Cron Jobs section provides a way for you to input a cron job on your account. You can choose between a simple GUI-style area, where you just choose the day and time from drop down menus, or an advanced Unix style area where the entry would be setup like unto the ‘editcron –e’ command.
The Network Tools area provides an easy way for you to perform a domain lookup on any domain as well as run a traceroute from your PC to the server. The domain lookup tool simply performs a ‘dig’ on the domain.
The MIME Types section allows you to create new MIME types on your account as well as view the existing ones.