shell users can access cpanel.

**ike** · 11-10-2007 09:11 PM

i recently had a user tell me they could get on cpanel even though they dont have a webhosting account with me. they have a shell account they run a psybnc. but when he went to domain.com/cpanel and the login came up his shell login and password logged him into cpanel. while i checked this out and it was true. he had no settings and there were errors as he didnt have any setup to work with i was still troubled that he could get into this. Is this a normal thing and can it be exploitable and if so is there a way to stop this?

**ike** · 11-12-2007 01:32 AM

noone has any idea? or have i worded it wrong?

**cPanelDavidG** · 11-12-2007 10:51 AM

Originally Posted by ike

i recently had a user tell me they could get on cpanel even though they dont have a webhosting account with me. they have a shell account they run a psybnc. but when he went to domain.com/cpanel and the login came up his shell login and password logged him into cpanel. while i checked this out and it was true. he had no settings and there were errors as he didnt have any setup to work with i was still troubled that he could get into this. Is this a normal thing and can it be exploitable and if so is there a way to stop this?

cPanel authenticates against system users. If you created a system user for that individual (which it sounds like you did), then they would be able to login via cPanel and experience the errors you mentioned.

LinkBack

Thread Tools

shell users can access cpanel.

Disable SSH/Shell Access for all users

can I modify shell access for users

Users enabling shell access...

Weird Access Problem All shell users can get into cpanel

Disable shell access for all users