The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Bug or?

Discussion in 'General Discussion' started by numberonehost, Jan 6, 2004.

  1. numberonehost

    numberonehost Active Member

    Joined:
    Apr 29, 2003
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Norway
    I just noticed that you can log into any FTP and cpanel account on the server by using the root password. Is this how it is supposed to be?
     
  2. Angel78

    Angel78 Well-Known Member

    Joined:
    May 9, 2002
    Messages:
    413
    Likes Received:
    1
    Trophy Points:
    16
    I would change the root pass immediatly if I were you, FTP is sending your pass in plain text (unleas you are using SFTP)
     
  3. numberonehost

    numberonehost Active Member

    Joined:
    Apr 29, 2003
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Norway
    Could you explain why I should? I use regular FTP.
     
  4. Angel78

    Angel78 Well-Known Member

    Joined:
    May 9, 2002
    Messages:
    413
    Likes Received:
    1
    Trophy Points:
    16
    It's like if someone is after your root password they can use different tools to catch your password = your server gets compromised. search for SFTP if you realy need to use root password when using FTP
     
  5. numberonehost

    numberonehost Active Member

    Joined:
    Apr 29, 2003
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Norway
    Thank you for your advice. I will check it out.
     
  6. PWSowner

    PWSowner Well-Known Member

    Joined:
    Nov 10, 2001
    Messages:
    2,948
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    ON, Canada
    Anytime root password is sent over an insecure connection, you have the risk of hackers getting it.

    Root password is supposed to allow you into any users cpanel or ftp. It allows you to access anyones site without needing to know their password, but, as already said, use a secureftp program before logging into anyones account with root password.
     
  7. The MAzTER

    The MAzTER Well-Known Member

    Joined:
    Jul 3, 2003
    Messages:
    106
    Likes Received:
    0
    Trophy Points:
    16
    does it leave ur ip in cpanel as well? (last login ip?)
     
  8. PWSowner

    PWSowner Well-Known Member

    Joined:
    Nov 10, 2001
    Messages:
    2,948
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    ON, Canada
    If you log in to a clients cpanel with root password through port 2082 it will show your IP. Through port 2083 it will show localhost. I would never use root password without a secure connection (2083).
     
Loading...

Share This Page