The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

CPanel Demo Account

Discussion in 'General Discussion' started by merianos, Jan 31, 2009.

  1. merianos

    merianos Member

    Joined:
    Jan 31, 2009
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Hello, I'm reseller in hosting company and I'm using the CPanel with the WHM.

    Also i like to give to my clients the ability to see a demo of the CPanel.

    What i done is to create an account with a dummy domain name and then from my domain to give the ability to log in into this account

    My Domain is http://www.datacenterhellas.eu (still in greek)

    And what i done is that

    http://www.datacenterhellas.eu:2082/login/?user=xxxxxx&pass=xxxxxx

    The question is :

    Is that safe ? ? ?

    Thanks a lot ! ! !
     
  2. rhenderson

    rhenderson Well-Known Member

    Joined:
    Apr 21, 2005
    Messages:
    785
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Oklahoma
    cPanel Access Level:
    Root Administrator
    I personally think it is unsafe and could create a lot of problems, like someone creating a dumm email then using webmail to login and send spam etc... We built a demo using static pages, basically it loaded what looked like cPanel but had no functionality. Why not just use, http://x3demob.cpx3demo.com:2082/login/?user=x3demob&pass=x3demob ??
     
  3. Voltar

    Voltar Well-Known Member

    Joined:
    Apr 30, 2007
    Messages:
    269
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Bakersfield, California
    I find using a static demo is the best way to go as it allows your potential customers to see everything that cPanel can do, and it keeps things secure. If you have good HTML/PHP knowledge you can spice the static pages up a bit to see a bit more realistic while still retaining the overall segregation from the underlying cPanel system.
     
  4. Voltar

    Voltar Well-Known Member

    Joined:
    Apr 30, 2007
    Messages:
    269
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Bakersfield, California
    WHM >> Account Functions >> Disable or Enable Demo Mode and pick the account to turn into a demo account.

    You have to create a new account for it, I normally use demo.domain.com. Be aware of the ramifications of having the demo enabled though.
     
  5. merianos

    merianos Member

    Joined:
    Jan 31, 2009
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    The problem is that I don't know how to create a Demo for the CPanel ! ! !

    I have not see any option on my WHM that can create a Demo site ! ! !

    Any help ? ? ?
     
  6. merianos

    merianos Member

    Joined:
    Jan 31, 2009
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    I don't have this option in my Account Functions. What can I do, or what can i ask my Web Hosting Company that providing to me the Web Space for reselling ? ? ?
     
  7. Voltar

    Voltar Well-Known Member

    Joined:
    Apr 30, 2007
    Messages:
    269
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Bakersfield, California
    If you're a reseller, your host may have turned off this feature for security reasons, you'll need to ask them.
     
  8. merianos

    merianos Member

    Joined:
    Jan 31, 2009
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Thanks ! ! !

    Thanks ! ! !
     
  9. gvard

    gvard Well-Known Member
    PartnerNOC

    Joined:
    Dec 22, 2003
    Messages:
    195
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Athens/GREECE
    cPanel Access Level:
    DataCenter Provider
  10. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    38
    I for one would love to hear exactly what the security issues are with setting up a cPanel demo account, so for the arguments I see against this do not make any sense, e.g. in this thread someone stated, "like someone creating a dumm email then using webmail to login and send spam etc.." which is not at all possible to do with a cPanel account in demo mode.

    And I have read posts in this forum that make statements like, "I can think of hundreds of ways a demo account could be hacked." But of course this individual did not actually list ANY.

    And elsewhere I understand that you can play with the cPanel demo template to close the security holes, but even this poster did not mention what exactly needs to be done to make this secure.

    Is there someone out there that really actually knows about what the vulnerabilities are in this regard?
     
  11. gvard

    gvard Well-Known Member
    PartnerNOC

    Joined:
    Dec 22, 2003
    Messages:
    195
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Athens/GREECE
    cPanel Access Level:
    DataCenter Provider
    Greetings from Greece,

    I strongly believe that if there were "hundreds of security issues" with this, cPanel would have closed them or disable this feature. I have enabled this feature since I started using cPanel in 2003 and don't have any problems since then.
     
  12. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    Allowing access to Cpanel to the open public is a BAD idea and the way
    you implemented things as opening a test account is worse!

    Cpanel does have a "demo mode" that limits access but I do not recommend
    that you use that either as I personally know a great many ways to use
    the demo account to gain real access to the server and as a professional
    security consultant, I have on occasion needed to use it to help owners
    gain root access back to their servers so needless to say it's not the
    greatest of ideas either.

    If you want to show users what the control panel looks like then the best
    avenue is to give them a few captured graphic screenshots so that they
    can look at photos of your control panel and not the actual control panel
    itself and give them a link here where they can read more about it.
     
  13. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    38
    Thanks for your input Spiral, and I understand why you would not want to outline how a cPanel server could be hacked through a demo account, but still at least since the advent of v11, this does seem a little far fetched as I am finding many, perhaps hundreds of commercial web hosts who use cPanel's demo mode.

    At least let me ask you this. When you say, "I have on occasion needed to use it to help owners gain root access back to their servers so needless to say it's not the greatest of ideas either." Here are my specific questions regarding this statement:

    Since when? Recently? In 2009? After the release of the more recent versions of v11?
    (I can only find references to cPanel demo accounts being hacked in previous versions of cPanel, e.g. v10 and earlier).

    Was the server on public/private keys for SSH?
    (I assume that shell access was off for the demo account).

    Was FTP access for the demo account switched off?

    Thanks very much for any further response in this regard that you may have.
     
  14. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    Actually I used that earlier this week in fact on a client's server
    and they were running the latest "Current" tree release that was
    just updated earlier that same day in fact so to answer your question ...

    Yes, in 2009! Yes, more recent release of v11!
     
    #14 Spiral, Jun 14, 2009
    Last edited: Jun 14, 2009
  15. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    38
    Okay, thanks very much. And yes, I do realize that with enough knowledge anything that is wired to the Internet can be hacked. That said, with your self-professed wide and deep knowledge of security matters (I don't doubt that what you say is true), I am wondering why you are not working with cPanel.net techs to shore up their system?

    Seems like you would still have plenty of work to do out there even after cPanel is rock solid. Lord only knows it's hard enough to make it as a web host without the addition of hackers shooting at you from every direction, and with all the additional expense and the sheer man-hours it takes to shore up and maintain security on cPanel servers. (Even though cPanel in this regard does seem to be much improved these days as opposed to previous years).
     
  16. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    I don't think I've laughed so hard in years! Thanks :D

    You might be advised to go back and read my posts through the years
    and how many times I found myself time and time again on the front line
    working to come up with patches for issues to hold things over for other
    users often before Cpanel could come up with patches of their own or
    solving other on going issues time and time again.

    To be frank though, in some cases I do actually contact Cpanel and let
    them know what issues are to be found and exactly what needs to be
    done to fix the issues and I am a member of their beta test group and
    some of the development feeds.

    However, there are times when I don't disclose issues found because it
    would be far too dangerous if that information leaked out and I have
    had times in the past where I have learned the hard way telling someone
    you think would help only to find they told someone who told someone
    else and so on until every hacker on the planet knows what they need
    to do to hack every system and that is definitely not a good thing.

    Yes, Cpanel is definitely much improved over it's past but, it still has
    a long way to go and that is definitely for certain!

    At least you can tell they are working hard and constantly evolving!

    Work out there? Yes, there is definitely plenty of work to be done! ;)
     
Loading...

Share This Page