DNS entries such as cpanel.mydomain.com are opening webpage of my first account

Operating System & Version
Almalinux 8.5
cPanel & WHM Version
100.0.5

SiMoofus

Registered
Dec 4, 2021
4
0
1
Glasgow, Scotland
cPanel Access Level
Root Administrator
Not sure what I have done wrong. My server has several accounts running - fortunately all mine. I have some manual DNS entries to help my external password manager suggest the correct details based on url.
So for each account I manually added cpanel.account_domain.com with server IP as A record. So when I go to cpanel.account_domain.com:2083 I get my cpanel credentials and not webmail etc.
The problem is if I forget to put the port, it opens my first accounts default home page. Regardless of domain typed after the cpanel bit.

I could drill down into vhosts or remove the DNS entry, but can anyone explain what I may have done wrong in my set up?

I am used to seeing the default "Sorry - Contact webmaster" for errors like this usually. This behaviour is worrysome.

Thank you in advance. I tried searching but there are too many results that are not relevant.
 

SiMoofus

Registered
Dec 4, 2021
4
0
1
Glasgow, Scotland
cPanel Access Level
Root Administrator
Thank you for a quick reply.
That is all working but I added cpanel to the subdomain so that my password manager only suggests the correct entry. If I just go to domain.com/cpanel or domain.com:2083 the password option brings up all passwords related to domain.com, and I have too many to make this work. Its a small issue. I can work around anyway. Don't forget to put port.

The main thing that is concerning me though, why has it brought up another user accounts webpage? I thought I had everything secured. I don't know where to look to find why this behaviour is happening. I would hope it would go to an error page and not jump account. Some of my websites I would not want any mistyped urls to end up here.


You can use account_domain.com:2083 or account_domain.com/cpanel without port.
 

andrew.n

Well-Known Member
Jun 9, 2020
901
335
63
EU
cPanel Access Level
Root Administrator
I believe the best would be to reach out to the support of your password manager software so they can advise on this as it sound like the software is not handling cPanel users passwords correctly.
 
  • Like
Reactions: cPanelAnthony

SiMoofus

Registered
Dec 4, 2021
4
0
1
Glasgow, Scotland
cPanel Access Level
Root Administrator
Thanks again but please forget about the passwords and cpanel - thats not my concern. If it was I would have gone to the password manager for an answer.

My concern is about one domain directing to another accounts webpage.Type [dnsentryonly].cheese.com but instead of displaying an errorpage as there is no subdomain set up for [dnsentryonly] I get a chalk.com website. the url in the address bar shows [dnsentryonly].cheese.com but another users webpage is showing.
ftp cpanel both do it. I can delete the DNS entries but I would still like to know why a malformed entry on one account is landing me in another usershome directory. Its the security hole I am concerned with. Why has cPanel has made my sites work like this?