Just noticed this under "tweak settings".
Anyone know more about it?
How's it done?
If you try to log in to CPanel now, and do not put the proper user/pass in, it gives you a screen that allows you to reset your password and have it sent to the "contact email" for that user in CPanel.
Try it yourself.
I didn't see that you could disable that in WHM until you mentioned it. Thanks.
I completely disabled this option. Anyone can go to a website and request a password reset. This is pretty much a security issue, I think. What would happen if you had some person abusing this function? You could have somebody go to anyone's website and attempt this 50+ times. It would drive the owner nuts, not to mention that if this function failed to send the email or it got lost, the owner would never get his password.
Thanks for the info. I disabled it as well.
People reading this should note that it is enabled by default so disable it if you don't want it.
I tend to look at "tweak settings" after running upcp as things get added there every so often and new things are sometimes enabled by default.
Look through the change log before deciding it is a bad feature or what people can do to abuse it:
+-------------------------------------------------------------+
Fri Jan 30 03:42:00 EST 2004
8.7.0-EDGE_51
---------------------------------------------------------------
prevent more then 3 password resets per ip per hour
---------------------------------------------------------------
Oh, and try the feature as well. I think you will find that the email it sends has not already changed the password and that the password is never sent over email. I think some of you should try the feature before condemning it. I am not saying it is great, but you guys are condemning it for reasons that don't even exist. I am not a cpanel choir boy, but get your facts straight before complaining.
Last edited by Marty; 02-10-2004 at 04:55 AM.
Marty Hoskins
TLC Web Enterprises
Originally posted by ghv:
Just noticed this under "tweak settings".
Anyone know more about it?
How's it done?

btw, here is how it works.
Upon a failed login, the user is asked if he wants to reset his password, and is presented a request for his username. He enters his username and clicks submit. An email is dispatched to the contact email address listed in cpanel for that account. That email has an ssl and non-ssl link. (Note: There is no password in the email and the password has not been changed yet.) When the user clicks on a link, the password is changed and a page pops up with the new, randomly generated password, and a link to the control panel. I think it is pretty nice and deals with the bulk of the security issues in a pretty good way.
Marty Hoskins
TLC Web Enterprises
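The flow described in the post above, combined with the change-log limit of 3 resets per IP per hour, as an added sketch that is not cPanel's code and not part of any post in this thread. The class and method names, the 30-minute link lifetime and the panel.example URL are assumptions made for illustration.

```python
import hashlib
import secrets
import time
from collections import defaultdict, deque

MAX_RESETS_PER_IP = 3        # limit quoted from the change log
WINDOW_SECONDS = 3600        # "per hour"
TOKEN_TTL_SECONDS = 1800     # assumed link lifetime; the thread gives none

class ResetService:          # hypothetical name, not a cPanel component
    def __init__(self, contacts):
        self.contacts = contacts              # username -> contact email
        self.requests = defaultdict(deque)    # ip -> request timestamps
        self.pending = {}                     # sha256(token) -> (user, expiry)
        self.passwords = {}                   # stand-in for the account store
        self.outbox = []                      # stand-in for the mailer

    def request_reset(self, username, ip, now=None):
        now = time.time() if now is None else now
        seen = self.requests[ip]
        while seen and now - seen[0] >= WINDOW_SECONDS:
            seen.popleft()                    # forget requests older than the window
        if len(seen) >= MAX_RESETS_PER_IP:
            return False                      # throttled, nothing is mailed
        seen.append(now)                      # unknown usernames count too
        if username in self.contacts:
            token = secrets.token_urlsafe(32)
            digest = hashlib.sha256(token.encode()).hexdigest()
            self.pending[digest] = (username, now + TOKEN_TTL_SECONDS)
            # The mail carries only the link; no password is set or sent yet.
            self.outbox.append((self.contacts[username],
                                f"https://panel.example/reset?t={token}"))
        return True                           # same answer whether or not the user exists

    def confirm_reset(self, token, now=None):
        now = time.time() if now is None else now
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self.pending.pop(digest, None)   # pop makes the link single-use
        if entry is None or now > entry[1]:
            return None
        username, _ = entry
        new_password = secrets.token_urlsafe(12)
        self.passwords[username] = new_password  # a real store keeps a salted hash
        return new_password                      # shown once on the reset page
```

Passing `now` explicitly lets the throttle window and link expiry be exercised without waiting; only a digest of the token is stored, so a leaked pending table does not yield usable reset links.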
Originally posted by Marty:
I am not a cpanel choir boy, but get your facts straight before complaining.

I disabled mine because I don't have any users
Pretty good reason I think...
Originally posted by Marty:
Look through the change log before deciding it is a bad feature or what people can do to abuse it:

Or just wait a few weeks and see what happens