The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

FTP bug shows domlogs to anyone

Discussion in 'General Discussion' started by Website Rob, Sep 30, 2003.

  1. Website Rob

    Website Rob Well-Known Member

    Joined:
    Mar 23, 2002
    Messages:
    1,506
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    Alberta, Canada
    cPanel Access Level:
    Root Administrator
    A Client of mine reported this to me and not only was I able to confim it, the reply from DarkOrb was to state, "Yes, this is the current behavior, if you would like to see it changed, you may submit this as a feature request via http://support.cpanel.net/index.cgi?feature=1 if you like."

    This "current behaviour" allows one to use; a shared IP, an FTP program and/or an ftp URL in IE, to see all domlogs listed on the Server. I will not provide the information to duplicate this bug in a public forum, due to security.

    I have used the feature URL listed above and, as I'm not sure how many requests it takes for a feature to be implemented, I would urge everyone to use the same the URL and request it be changed. As both, the trouble ticket and the feature request I submitted, refer to each other, referring to this thread in your feature request should be all the information needed.

    Although the files cannot be tampered with and the main domlog for each account cannot be viewed, there is no reason for others to see what sites are hosted on a server. This situation is similar to the "domain.com/bandwidth" problem we used to have.

    cPanel.net Support Ticket Number:
     
  2. casey

    casey Well-Known Member

    Joined:
    Jan 17, 2003
    Messages:
    2,303
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    If there is trouble, it will find me
    I have verified this behavior. Feature request submitted.

    cPanel.net Support Ticket Number: 25058
     
  3. Curious Too

    Curious Too Well-Known Member

    Joined:
    Aug 31, 2001
    Messages:
    427
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    How is this a security issue? It's more of a business related issue, i.e, you don't want customers to know how many domains are hosted on the server. But how does this put the server at risk?

    cPanel.net Support Ticket Number:
     
  4. Website Rob

    Website Rob Well-Known Member

    Joined:
    Mar 23, 2002
    Messages:
    1,506
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    Alberta, Canada
    cPanel Access Level:
    Root Administrator
    Thought it was pretty obvious myself. ;)

    If one of your Clients asked you, for all the Domain names -- and sub-domains -- being hosted on your Server, what would you tell them and why?

    cPanel.net Support Ticket Number:
     
Loading...

Share This Page