AVOID to provide cpanel demo !!!

Radio_Head

Well-Known Member
Verifed Vendor
Feb 15, 2002
2,051
1
343
I don't know if the problem still exists on cpanel 6.x , however if you are provinding a cpanel 5.x demo remove it asap !

If you have a cpanel demo you are at serious risk .

Of couse if you have a dedicated only for cpanel demo
you should not have great problems ;)
 

Radio_Head

Well-Known Member
Verifed Vendor
Feb 15, 2002
2,051
1
343
[quote:595aeaf353][i:595aeaf353]Originally posted by awsol[/i:595aeaf353]

And what is the problem with it??[/quote:595aeaf353]

tons of problems !!!
 

Radio_Head

Well-Known Member
Verifed Vendor
Feb 15, 2002
2,051
1
343
possiblity to create ftp accounts ... (also if apparently denied from cpanel an hacker is able to create them)
possibility to install frontpage extensions ... (also if apparently denied from cpanel an hacker is able to install them)
rootkit installation problems ...
mysql problems ...

avoid to turn it on if you want stay more safe.

(also the cause of the problem described by Dgbaker http://forums.cpanel.net/read.php?TID=7421 was 99% caused by Cpanel Demo)
 

awsol

cPanel Test Bitch
Feb 8, 2002
591
0
316
Boston MA
Why would frontpage extensions be a problem?

Let me explain how I do it. I just terminate the account and recreate it every few days. This wipes out anything somebody does and starts fresh. I've had people upload porn and everything. It's part of having a demo so they can see how it works. Static page are garbage because the user don't get the exact feel.
 

Radio_Head

Well-Known Member
Verifed Vendor
Feb 15, 2002
2,051
1
343
[quote:1129ee2ec6][i:1129ee2ec6]Originally posted by awsol[/i:1129ee2ec6]

Why would frontpage extensions be a problem?

Let me explain how I do it. I just terminate the account and recreate it every few days. This wipes out anything somebody does and starts fresh. I've had people upload porn and everything. It's part of having a demo so they can see how it works. Static page are garbage because the user don't get the exact feel.[/quote:1129ee2ec6]

frontpage probably not , but ftp yes . An hacker that
gain ftp potentially if has php and perl can go EVERYwhere on the server such as with the shell .

But is not only that the serious problem
Also the problem described by Dgbaker http://forums.cpanel.net/read.php?TID=7421 was 99% caused by a vulnerability on Cpanel Demo .
 

Radio_Head

Well-Known Member
Verifed Vendor
Feb 15, 2002
2,051
1
343
[quote:8f1c88aa77][i:8f1c88aa77]Originally posted by Radio_Head[/i:8f1c88aa77]

[quote:8f1c88aa77][i:8f1c88aa77]Originally posted by awsol[/i:8f1c88aa77]

Why would frontpage extensions be a problem?

Let me explain how I do it. I just terminate the account and recreate it every few days. This wipes out anything somebody does and starts fresh. I've had people upload porn and everything. It's part of having a demo so they can see how it works. Static page are garbage because the user don't get the exact feel.[/quote:8f1c88aa77]

frontpage probably not , but ftp yes !. An hacker that
gain ftp potentially if has php and perl can go EVERYwhere on the server such as with the shell .

But is not only that the serious problem
Also the problem described by Dgbaker http://forums.cpanel.net/read.php?TID=7421 was 99% caused by a vulnerability on Cpanel Demo .

[/quote:8f1c88aa77]

perhaps the solution is to create a cpanel demo over an account without cgi/php , it should be more safe , but I don't want try it on my skin again.
I stopped definitely to provide a cpanel demo .
 

dgbaker

Well-Known Member
PartnerNOC
Sep 20, 2002
2,576
9
343
Toronto, Ontario Canada
cPanel Access Level
DataCenter Provider
Steve - You mentioned people upload stuff like porn etc... and you remove and readd the account every few days.

Well during those few days, what stops someone from uploading a malicious script(s) that create backdoors or install trojans?

Even removing the account will not clear these if the damage has been done. There are more than a few of us who have got nailed by someone being able to do things in the demo client.

Having a demo is nice, but if it opens up any sort of security hole no matter how big or small, is it really worth the risk to your server and mostly your clients if the server truly gets compromised?

For demo's just point to cpanel's own demo on their site. And show screen shots of your different themes.
 

Radio_Head

Well-Known Member
Verifed Vendor
Feb 15, 2002
2,051
1
343
[quote:3145571c83][i:3145571c83]Originally posted by awsol[/i:3145571c83]

Why would frontpage extensions be a problem?

Let me explain how I do it. I just terminate the account and recreate it every few days. This wipes out anything somebody does and starts fresh. I've had people upload porn and everything. It's part of having a demo so they can see how it works. Static page are garbage because the user don't get the exact feel.[/quote:3145571c83]

awsol , i tried now your cpanel demo and I was able to get
your /etc/passwd on nix in 1 minute. If you don't believe me
I will send you a pm with your /etc/passwd .
It's only an example of how is vulnerable Cpanel Demo.
Consider that I am not abssolutely an hacker or a guru however using the cpanel demo I was able to get your
/etc/passwd or to browse your accounts in1 minute .
What could be do an hacker ?! A lot of things ...very dangerous .
 

awsol

cPanel Test Bitch
Feb 8, 2002
591
0
316
Boston MA
/etc/passwd is meant to be read. That's where everything runs from as far as users and passwords. Therefore all users need access to it. Yes you can see it but try decrypting it. Unless you have a super computer it won't happen.
 

Radio_Head

Well-Known Member
Verifed Vendor
Feb 15, 2002
2,051
1
343
as you believe awsol . It's only a suggestion , you decide .

etc/passwd is an example ; however with your /etc/passwd I could browse all your accounts getting clean mysql password for example or cacthing php code from your client's sites , however I am not an hacker ;) , I have no reason to do that . But every visitor with a little experience could do that .

And as dgbaker explained , there are other exploits most dangerous .