The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Back Door into Root WHM

Discussion in 'General Discussion' started by marinanewman, Dec 29, 2002.

  1. marinanewman

    marinanewman Active Member

    Joined:
    Nov 28, 2002
    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    6
    had a reseller call me admitting he was able to get into the root WHM using his username and password...

    Is there anyway to close this door.

    http://serveripaddress:2086/command
     
  2. jimcarter

    jimcarter Well-Known Member

    Joined:
    Jun 30, 2002
    Messages:
    152
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    UK
    as he was using his username and password, and not root as the username he was probably just mistakenly given root access in reseller privileges,
    if you login as root to your server, then edit the reseller privileges for his user, just uncheck the box marked all features,
    hope this helps
    thanks :)
     
  3. marinanewman

    marinanewman Active Member

    Joined:
    Nov 28, 2002
    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    6
    he does not have root privileges, and does not have all features checked... and his normal whm does not have all the features he named off to me on the telephone..

    maybe just a fluke... will keep an eye on it...
     
  4. Website Rob

    Website Rob Well-Known Member

    Joined:
    Mar 23, 2002
    Messages:
    1,506
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    Alberta, Canada
    cPanel Access Level:
    Root Administrator
    Holy nightmare Batman, almost had me going there.

    http://serveripaddress:2086/command/

    Ooops! I lost your webpage [./command/] and I don't know where it went!!??!!
    Please forgive me


    http://serveripaddress:2086/command

    You get the left-hand navigation frame of Cpanel 3. Although some links do not work and it's much more limited than version 5, you still need to have &root& access or SSH permission.


    Have a look in: Account Functions & Manage Shell Access, to see if the Client is listed. Must be some logical reason why they got in, but I know not what. :)
     
  5. marinanewman

    marinanewman Active Member

    Joined:
    Nov 28, 2002
    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    6
    no shell access... no root privileges.. hoping it was just a fluke..
     
Loading...

Share This Page