The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

cpanel bug or what?

Discussion in 'Security' started by upsforum, Dec 20, 2013.

  1. upsforum

    upsforum Well-Known Member

    Joined:
    Jul 27, 2005
    Messages:
    452
    Likes Received:
    0
    Trophy Points:
    166
    on a vps I created a new account yesterday, the account is "dipenden" username, today a user acceded and uploaded a zip file phishing on this ftp account but from cpanel of another account, this is access_log:

    IP-NOAUTH-USER - dipenden [12/20/2013:11:31:25 -0000] "GET /cpsess0000000/frontend/x3/files/img/fileactions/codeedit.png HTTP/1.1" 200 0 "http://www.anotherdomnainonsamevps:2082/cpsess4836193581/frontend/x3/files/selfile.html?dir=%2fhome%2fdipenden%2fpublic_html%2fimage&file=WellsfargoOnline.zip" "Mozilla/5.0 (Windows NT 6.2; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0" "-"

    how is this possible?
     
    #1 upsforum, Dec 20, 2013
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    35,599
    Likes Received:
    1,128
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello :)

    The ports used to access services such as cPanel/WHM are accessible over any domain name that points to the server. Thus, if a user had valid authentication details, they can use any domain name that points to the server to access cPanel. You are welcome to open a support ticket so we can take a closer look and verify it's not anything more than that:

    Submit A Ticket

    You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
    #2 cPanelMichael, Dec 20, 2013
  3. upsforum

    upsforum Well-Known Member

    Joined:
    Jul 27, 2005
    Messages:
    452
    Likes Received:
    0
    Trophy Points:
    166
    thank you, I submitted a ticket
     
    #3 upsforum, Dec 20, 2013
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    35,599
    Likes Received:
    1,128
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Would you mind sharing the ticket number so we can update this thread with the outcome?

    Thank you.
     
    #4 cPanelMichael, Dec 23, 2013
(You must log in or sign up to post here.)
Loading...
Similar Threads - cpanel
  1. cPanelBenny

    The 2017 cPanel® Conference announces evening events, conference schedule, and extends 50%-off early

    cPanelBenny, Jun 21, 2017 at 4:17 AM, in forum: cPanel Announcements
    Replies:
    0
    Views:
    44
    cPanelBenny
    Jun 21, 2017 at 4:17 AM
  2. Abdi

    Help to get started with cPanel

    Abdi, Jun 19, 2017 at 8:04 PM, in forum: General Discussion
    Replies:
    1
    Views:
    25
    cPanelMichael
    Jun 20, 2017 at 8:48 AM
  3. harkirat20

    SOLVED Cannot connect to cPanel Ports open

    harkirat20, Jun 19, 2017 at 9:09 AM, in forum: Bind / DNS / Nameserver Issues
    Replies:
    2
    Views:
    34
    harkirat20
    Jun 19, 2017 at 9:40 PM
  4. Serra

    Current Usage on cPanel vs LVE Manager

    Serra, Jun 18, 2017 at 7:12 PM, in forum: CloudLinux
    Replies:
    5
    Views:
    83
    Serra
    Jun 22, 2017 at 7:24 AM
  5. narendar

    Install cPanel with min ram

    narendar, Jun 16, 2017 at 8:30 AM, in forum: General Discussion
    Replies:
    1
    Views:
    50
    cPanelKenneth
    Jun 16, 2017 at 9:12 AM

Share This Page