marinanewman

Active Member
Nov 28, 2002
32
1
158
had a reseller call me admitting he was able to get into the root WHM using his username and password...

Is there anyway to close this door.

http://serveripaddress:2086/command
 

jimcarter

Well-Known Member
Jun 30, 2002
152
0
166
UK
as he was using his username and password, and not root as the username he was probably just mistakenly given root access in reseller privileges,
if you login as root to your server, then edit the reseller privileges for his user, just uncheck the box marked all features,
hope this helps
thanks :)
 

marinanewman

Active Member
Nov 28, 2002
32
1
158
he does not have root privileges, and does not have all features checked... and his normal whm does not have all the features he named off to me on the telephone..

maybe just a fluke... will keep an eye on it...
 

Website Rob

Well-Known Member
Mar 23, 2002
1,504
1
318
Alberta, Canada
cPanel Access Level
Root Administrator
Holy nightmare Batman, almost had me going there.

http://serveripaddress:2086/command/

Ooops! I lost your webpage [./command/] and I don't know where it went!!??!!
Please forgive me


http://serveripaddress:2086/command

You get the left-hand navigation frame of Cpanel 3. Although some links do not work and it's much more limited than version 5, you still need to have &root& access or SSH permission.


Have a look in: Account Functions & Manage Shell Access, to see if the Client is listed. Must be some logical reason why they got in, but I know not what. :)