CPanel Demo Account
Hello, I'm reseller in hosting company and I'm using the CPanel with the WHM.
Also i like to give to my clients the ability to see a demo of the CPanel.
What i done is to create an account with a dummy domain name and then from my domain to give the ability to log in into this account
My Domain is http://www.datacenterhellas.eu (still in greek)
And what i done is that
http://www.datacenterhellas.eu:2082/...xx&pass=xxxxxx
The question is :
Is that safe ? ? ?
Thanks a lot ! ! !
I personally think it is unsafe and could create a lot of problems, like someone creating a dumm email then using webmail to login and send spam etc... We built a demo using static pages, basically it loaded what looked like cPanel but had no functionality. Why not just use, http://x3demob.cpx3demo.com:2082/log...b&pass=x3demob ??
I find using a static demo is the best way to go as it allows your potential customers to see everything that cPanel can do, and it keeps things secure. If you have good HTML/PHP knowledge you can spice the static pages up a bit to see a bit more realistic while still retaining the overall segregation from the underlying cPanel system.
WHM >> Account Functions >> Disable or Enable Demo Mode and pick the account to turn into a demo account.Originally Posted by merianos
You have to create a new account for it, I normally use demo.domain.com. Be aware of the ramifications of having the demo enabled though.
The problem is that I don't know how to create a Demo for the CPanel ! ! !
I have not see any option on my WHM that can create a Demo site ! ! !
Any help ? ? ?
I don't have this option in my Account Functions. What can I do, or what can i ask my Web Hosting Company that providing to me the Web Space for reselling ? ? ?
If you're a reseller, your host may have turned off this feature for security reasons, you'll need to ask them.
Thanks ! ! !
Thanks ! ! !
Greetings from Greece,
You can always give out cPanel's online demo at http://x3demob.cpx3demo.com:2082/log...b&pass=x3demob .
I for one would love to hear exactly what the security issues are with setting up a cPanel demo account, so for the arguments I see against this do not make any sense, e.g. in this thread someone stated, "like someone creating a dumm email then using webmail to login and send spam etc.." which is not at all possible to do with a cPanel account in demo mode.
And I have read posts in this forum that make statements like, "I can think of hundreds of ways a demo account could be hacked." But of course this individual did not actually list ANY.
And elsewhere I understand that you can play with the cPanel demo template to close the security holes, but even this poster did not mention what exactly needs to be done to make this secure.
Is there someone out there that really actually knows about what the vulnerabilities are in this regard?
Greetings from Greece,
I strongly believe that if there were "hundreds of security issues" with this, cPanel would have closed them or disable this feature. I have enabled this feature since I started using cPanel in 2003 and don't have any problems since then.
Allowing access to Cpanel to the open public is a BAD idea and the way
you implemented things as opening a test account is worse!
Cpanel does have a "demo mode" that limits access but I do not recommend
that you use that either as I personally know a great many ways to use
the demo account to gain real access to the server and as a professional
security consultant, I have on occasion needed to use it to help owners
gain root access back to their servers so needless to say it's not the
greatest of ideas either.
If you want to show users what the control panel looks like then the best
avenue is to give them a few captured graphic screenshots so that they
can look at photos of your control panel and not the actual control panel
itself and give them a link here where they can read more about it.
Thanks for your input Spiral, and I understand why you would not want to outline how a cPanel server could be hacked through a demo account, but still at least since the advent of v11, this does seem a little far fetched as I am finding many, perhaps hundreds of commercial web hosts who use cPanel's demo mode.
At least let me ask you this. When you say, "I have on occasion needed to use it to help owners gain root access back to their servers so needless to say it's not the greatest of ideas either." Here are my specific questions regarding this statement:
Since when? Recently? In 2009? After the release of the more recent versions of v11?
(I can only find references to cPanel demo accounts being hacked in previous versions of cPanel, e.g. v10 and earlier).
Was the server on public/private keys for SSH?
(I assume that shell access was off for the demo account).
Was FTP access for the demo account switched off?
Thanks very much for any further response in this regard that you may have.
Actually I used that earlier this week in fact on a client's server
and they were running the latest "Current" tree release that was
just updated earlier that same day in fact so to answer your question ...
Yes, in 2009! Yes, more recent release of v11!
Last edited by Spiral; 06-14-2009 at 08:15 PM. Reason: Original might contain too much info for hackers
Okay, thanks very much. And yes, I do realize that with enough knowledge anything that is wired to the Internet can be hacked. That said, with your self-professed wide and deep knowledge of security matters (I don't doubt that what you say is true), I am wondering why you are not working with cPanel.net techs to shore up their system?
Seems like you would still have plenty of work to do out there even after cPanel is rock solid. Lord only knows it's hard enough to make it as a web host without the addition of hackers shooting at you from every direction, and with all the additional expense and the sheer man-hours it takes to shore up and maintain security on cPanel servers. (Even though cPanel in this regard does seem to be much improved these days as opposed to previous years).
LinkBack URL
About LinkBacks
Reply With Quote