The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Domain transfers?

Discussion in 'General Discussion' started by jez9999, Apr 22, 2006.

  1. jez9999

    jez9999 Well-Known Member

    Joined:
    Jun 10, 2005
    Messages:
    87
    Likes Received:
    0
    Trophy Points:
    6
    Hi, could someone tell me what cPanel means when it refers to 'domain transfers' in the 'tweak settings' section? It doesn't seem to be the standard definition about changing registrars. I'm not quite sure why you used this terminology actually because it commonly means the registrar thing.

    And I don't understand the given explanation 'Allow Creation of Parked/Addon Domains that resolve to other servers' or why/how it can be a 'major security risk'.
     
  2. webignition

    webignition Well-Known Member

    Joined:
    Jan 22, 2005
    Messages:
    1,880
    Likes Received:
    0
    Trophy Points:
    36
    Any domain on the server will resolve to the server.

    If someone added gmail.com to their account, any mail handled by the server for gmail.com would go to the relevant user's account. That in itself isn't much of a security risk and just an annoyance.

    This could be more of a problem if someone added a domain from which scripts use wget to get executable scripts.

    Let's say you have Chirpy's MailScanner package, a new version is released and you try to upgrade as follows:

    Code:
    wget http://www.configserver.com/free/msinstall.tar.gz
    tar -xzf msinstall.tar.gz
    cd msinstall/
    sh install.sh
    If someone has parked configserver.com, the wget request would resolve locally. They (the malicious user) could then supply msinstall.tar.gz and thence you end up executing install.sh - this script could do anything a malicious user might want.
     
  3. jez9999

    jez9999 Well-Known Member

    Joined:
    Jun 10, 2005
    Messages:
    87
    Likes Received:
    0
    Trophy Points:
    6
    OK, i think I understand now. But I have to say, that phrase 'domain transfers' is very confusing and doesn't really describe the process at all. It'd be nice if they thought up a new, better worded, unambiguous phrase. :)
     
Loading...

Share This Page