BULK Password Reset possible - hacked

Discussion in 'General Discussion' started by gariben, Jul 23, 2009.

  1. gariben

    gariben Member

    Joined:
    Sep 27, 2003
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    I have close to 100 accounts on one cPanel account. Is it possible to do a Bulk Password Modification of all accounts at ONCE?

    I don't actually need to know the new password. If I do need to FTP to the site, I will manually change the FTP for the one account.

    I want to constantly change the Passwords to defeat any possible hacker attempts (gumblar/malware virus).
     
  2. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    You could build a script that uses our APIs to perform the bulk password modification. However, no such feature is built into the cPanel user interface at this time.

    Keep in mind, FTP is an inherently insecure protocol since usernames and passwords are always sent in plain text (which anyone can read). I recommend you and your colleagues switch to FTP over SSL/TLS (FTPS) instead. Many FTP clients support this and it's often just a matter of switching a setting from "FTP" to "FTPS" in the FTP client.

    With FTPS, everything is the same except now your username and password are encrypted when they are sent to the server. This means it is harder for others to snoop on your traffic to grab your passwords (not just malware).

    Of course, it is prudent to ensure systems that are connecting to your site to upload content are clear of malware.

    Additionally, if you find yourself with many FTP accounts that are not being used frequently, you may want to delete those unused FTP accounts.
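
A sketch of the kind of bulk-reset script suggested in the reply above. This is an added example, not part of the thread and not cPanel's own code. It assumes the "accounts" are cPanel accounts managed from WHM, that the WHM API 1 `passwd` function is called with a root API token, and the host and user names are placeholders.

```python
import json
import secrets
import string
import urllib.parse
import urllib.request

ALPHABET = string.ascii_letters + string.digits + "!#%+-_=@"

def new_password(length=24):
    """Random password from the OS CSPRNG with lower, upper and digit present."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)):
            return pw

def build_request(host, token, user, password):
    """WHM API 1 `passwd` call. The password travels in the POST body, not the
    URL, so it does not end up in web server or proxy access logs."""
    body = urllib.parse.urlencode(
        {"api.version": 1, "user": user, "password": password}).encode()
    return urllib.request.Request(
        f"https://{host}:2087/json-api/passwd", data=body, method="POST",
        # Assumption: token belongs to root; a reseller would use its own name.
        headers={"Authorization": f"whm root:{token}"})

def https_send(req):
    """Default transport; urllib verifies the server certificate by default."""
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def rotate_all(host, token, users, send=https_send):
    """Give every account a fresh random password; return {user: succeeded}.
    Passwords are never stored or printed, since the poster does not need them."""
    results = {}
    for user in users:
        reply = send(build_request(host, token, user, new_password()))
        results[user] = reply.get("metadata", {}).get("result") == 1
    return results
```

Accounts reported as `False` kept their old password and need a retry or a manual check.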
     
  3. mambovince

    mambovince Well-Known Member

    Joined:
    Jan 15, 2005
    Messages:
    192
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    London, UK
    Is there any way we can disable standard FTP on cPanel servers, and only allow SFTP or FTPS?

    Thanks,

    - Vince
     
  4. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Unfortunately, not at this time.
     
  5. sawbuck

    sawbuck Well-Known Member

    Joined:
    Jan 18, 2004
    Messages:
    1,367
    Likes Received:
    5
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    David,

    With apologies to gariben for further hijacking this thread, can you clarify the following?

    Using pure-ftpd in WHM > Ftp Server Config, the option to "Require" TLS Encryption Support should encrypt the password information but the protocol falls back from Prot P to Prot C (unencrypted data channel) after connection. This should effectively disable standard FTP connections and only allow FTPS.

    My understanding is the forthcoming cPanel 11.25 will include the option to enforce Prot P (TLS 3 - encrypted comm and data channels).

    Another option seems to be disabling pure-ftpd to only allow SFTP using the SSH port. Dreamweaver for instance has SFTP capability.
     
  6. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Thanks for pointing out that configuration setting to me. I must have overlooked it when going through the .conf files.

    I believe requiring encryption is what you are looking for.

    Regarding using only SFTP, keep in mind that FTP accounts you have created do not work with SFTP, only FTP and FTPS. Only your cPanel credentials will work with SFTP. I know our UI says otherwise, and that is a bug that is being resolved (Case 26282).
     
  7. sawbuck

    sawbuck Well-Known Member

    Thanks, David, for pointing that out. So far in testing I had only used cPanel credentials.
     
  8. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Case 26282 has been addressed in version 11.32.3.15 and later.
     
  9. linux-image

    linux-image Well-Known Member

    Joined:
    Jun 8, 2004
    Messages:
    1,192
    Likes Received:
    1
    Trophy Points:
    38
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Just in case anyone wants such an app, we have released a paid version of this plugin:

     
  10. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,447
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Please add it to the cPanel AppCat:
    cPanel App Catalog
     
  11. linux-image

    linux-image Well-Known Member

    We did, but it has not come up on the catalog yet.
     
  12. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    The submission should be processed soon.

    Thanks.
     
  13. linux-image

    linux-image Well-Known Member

    Thank You :)
     