The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Addon domains - security problem

Discussion in 'Security' started by WMS, Jan 12, 2005.

  1. WMS

    WMS Active Member

    Joined:
    Jul 18, 2003
    Messages:
    40
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Moscow
    The problem:

    1st user (user1) has an account on our server.
    2nd user (user2) has an account on the same server.

    user1 has the add-on domain name domain.com.
    user2 added the same domain name domain.com to his account WITHOUT any problems.

    Result: user1 lost his site, emails and visitors. user2 has all the vistors and all the emails from domain.com

    Question: HOW TO PREVENT THIS????

    This is REALLY BIG problem!


    PS: Sorry for my English.
     
  2. lloyd_tennison

    lloyd_tennison Well-Known Member

    Joined:
    Mar 12, 2004
    Messages:
    698
    Likes Received:
    1
    Trophy Points:
    18
    I think you need to make it clearer. I have no idea what you are saying - what are domain names and what are the add-on domains. It should not be possible to link to seperate domains together except as server admin. Is this what you are saying?


    Two domains:

    mydoman.com
    yourdomain.com

    Problem:

    me.mydomain.com and

    me.yourdomain.com never cross as they are off the tld.
     
  3. WMS

    WMS Active Member

    Joined:
    Jul 18, 2003
    Messages:
    40
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Moscow
    2 ABSOLUTELY separate accounts: user1 and user2 on 1 server.
    user1 has ALREADY installed add-on domain "domain.com". It works fine.
    Then user2 adds to HIS account THE SAME domain name "domain.com", which is already on account user1.

    Now "domain.com" is add-on domain for the account user2.

    Cpanel does not check that domain name is already on someone's account or not.

    Is it clear enough?

    English is not my native language and I don't use it too often, so excuse me.
     
  4. autumnwalker

    autumnwalker Member

    Joined:
    Jan 5, 2005
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    He is saying that a 2nd user added the same domain.com as the 1st users domain. Now the 2nd user stole all the traffic and emails because he used the same exact domain.com name. He is asking if there is a way to prevent two users from creating the same domain.com names.
     
  5. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    I'd suggest that you log it in bugzilla for cPanel to look at -clearly it shouldn't be allowed, but it is a risk you run if you allow users to use the park/addon domains feature.
     
  6. cPanelNick

    cPanelNick Administrator
    Staff Member

    Joined:
    Mar 9, 2015
    Messages:
    3,426
    Likes Received:
    2
    Trophy Points:
    38
    cPanel Access Level:
    DataCenter Provider
    What do you have checked in tweak settings in the domain section?
     
  7. WMS

    WMS Active Member

    Joined:
    Jul 18, 2003
    Messages:
    40
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Moscow
    There's no such option in Tweak Settings.

    There are:
    Allow Creation of Parked/Addon Domains that are not registered (NOT CHECKED)
    Allow Creation of Parked/Addon Domains that resolve to other servers (ie domain transfers) [This can be a major security problem. If you must have it enabled, be sure to not allow users to park common internet domains.] (NOT CHECKED)
    Allow users to Park/Addon Domains on top of domains owned by other users. (probably a bad idea) (NOT CHECKED)
    Prevent users from parking/adding on common internet domains. (ie hotmail.com, aol.com) (CHECKED)
     
Loading...

Share This Page