cPanel, WHM, Webmail customer login forms

[onpointsystems]

Hello cPanel World,
We need some assistance to guide us on what files and locations we need to modify to achieve our goals. I do understand not every implementation is the best nor the most secure but the goal is to slowdown or deter script kiddies and bots. Security is a layered approach and not one layer is completely impenetrable but we still would like to complete our implementation.


We have already added bulk list of IP addresses to try and block attackers from outside of the US since we do not have any clients that conduct business with anyone outside of the US. We do not want to enable security questions and IP restrictions is a daunting administration task.

There is no simple index file we can update because we feel the login.php that appears as the page with the form is made if of a few different files.

We have created a new theme but that only allows us to customize the outer shell of the forms and not the form itself. We want to implement a captcha to the login but after days of trying and researching we can't get it working.

Can someone tells us which files we need to work with to change the form and successfully implement what we are trying to do?

Or do we just delete all the files and template from our custom theme and create simple index.html or index.php file?

Details are important.


Thanks.

 

[Infopro]

Are you speaking of your website, or your cPanel login page?

 

[onpointsystems]

this is for cpanel.

 

[onpointsystems]

Can someone at least tell were to find /login/ action the form is calling/

This is from action=/login/ from the form action to login to cpanel account which is found in the login.tmpl file. Usually there is a filename with path but not the dame with cpanel login form.

Thanks.

 

[Infopro]

The docs might be helpful to you:
How to Create Custom-Branded Login Pages - cPanel Documentation

 

[onpointsystems]

Negative, no help. Again, all the docs plus the one just referenced discuss how to customize the shell of the page and not the action for the form. I have already looked through all these. I have also looked through other threads and no success. Where can I find the function or file that executes the login form action /login/?

Thanks

 

[onpointsystems]

After some research we were able to make some head way towards our end goal. We just simply want to add simple, little Turing math question and validate the answer prior to passing the login credentials. Here is some information for others who are not getting the information from any other cpanel member for whatever reason. I would like to add that those who knew some of this information and did not want to share for whatever reason (after viewing the post), keep in mind that you learned it yourself at one point so do not feel superior when someone else does not know. You were not born with Cpanel knowledge. Sorry about that, back to the post.
After you copy the theme the file you would like to change to add anything to the cpanel, whm and webmail login page is located in /unprotected/your-theme/templates/login.tmpl. The form is using action=/login/ which is calling a javascript. This javascript is located in /unprotected/your-theme/js-min/login.js. Below is the function called by the login button when it is clicked.

function do_login()
{
var w = document.getElementById('BotBootInput').value;
//alert(w);

if (LOGIN_SUBMIT_OK)
{
//alert(w);
LOGIN_SUBMIT_OK = !1, hide_links(document.body), login_button.suppress(), show_status(MESSAGES.authenticating, "info");
var e = new ajaxObject(login_form.action, login_results);
e.update("user=" + encodeURIComponent(login_username_el.value) + "&pass=" + encodeURIComponent(login_password_el.value), "POST")
}
return !1
}

We managed to add the Turing question to the actual login page but I am still working on validating the entry by adding the validation to function do_login() called by the login button. Hope this helps anyone who has been searching for some ideas in adding captcha. If you have any tips or detailed information on how we can add the validation of the Turing answer that would be great.

Thanks.

 

[onpointsystems]

Do i apologize for the double post but for some reason I could not see the first one. If a moderator can delete the first copy that is fine.

Thanks.