Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

clustering security risks

Discussion in 'Bind/DNS/Nameserver' started by Jeff-C, Jan 18, 2006.

  1. Jeff-C

    Jeff-C Well-Known Member

    Joined:
    Mar 16, 2004
    Messages:
    116
    Likes Received:
    0
    Trophy Points:
    166
    How does cpanel's multiple-server clustering feature affect the security of each of the individual clustered servers? For example, if one server in a cpanel cluster is rooted has cpanel's clustering feature ever been used to take down the other servers in the cpanel cluster?
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,460
    Likes Received:
    21
    Trophy Points:
    463
    Location:
    Go on, have a guess
    The DNS clustering feature connects between servers using the WHM secure port (2087) and authenticates using the remote systems Remote Key. It doesn't use root password authentication. That said, once you have a remote servers Remote Key you can access many root functions within WHM on that server using a scripting language such as perl or PHP.

    I guess that any mechanism that allows you access between servers is going to have inherent security issues. I've certainly never heard of a compromise in this fashion though. While the risk might be there, it's probably very small indeed and since clustered servers are most likely maintained by the same person, the risk of a root compromise on one server could well be the same on the others anyway.

    Personally, I wouldn't worry about it too much. Just be sure to have good security and tripwire procedures in place to detect a root compromise, should you suffer one, asap.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice