The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How to stop 'username' from being broadcast across the net?

Discussion in 'General Discussion' started by matt621, Mar 14, 2005.

  1. matt621

    matt621 Well-Known Member

    Joined:
    Jun 25, 2003
    Messages:
    175
    Likes Received:
    0
    Trophy Points:
    16
    Whenever any account on a cpanel box is setup, there is the username@domainname.com email account setup.

    Yes, we can set to blackhole or fail, but the bigger question is:

    Why and how is the username being discovered by spammers in the first place?

    Since the username is half of the login ID should not this information be guarded and not shared with the rest of the world?

    How do we correct this problem?
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    You're most likely to be getting hit by spammers from dictionary attacks. You should do as you already have suggested, set the Default Address to :fail: and then create virtual accounts or Forwarders for the addresses that you're going to use on a domain. There is nothing more that you can do than that.
     
  3. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    They're probably guessing that the username is defaulting to the first 8 characters of the domain name and just checking that. ;)
     
  4. matt621

    matt621 Well-Known Member

    Joined:
    Jun 25, 2003
    Messages:
    175
    Likes Received:
    0
    Trophy Points:
    16
    No, I've setup user IDs completely different from the domain name and they are not using a dictionary attack.
     
  5. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    ...and you've got your Default Address set to :fail: for the relevant domains? If you have, and non of the other suggestions are relevant, then the suggestion seems that you have a spammer either hosted or exploiting a script on your server as I can't think of a way someone would be able to get the usernames without looking at the server configuration.
     
  6. matt621

    matt621 Well-Known Member

    Joined:
    Jun 25, 2003
    Messages:
    175
    Likes Received:
    0
    Trophy Points:
    16
    well yes, when I set the email to fail or blackhole it's fine.

    But the email issue is not what I was starting this thread for. What I'm saying is that to keep a box secure, we want to make it hard for hackers to access it. And to broadcast the useraccount id is a foolish thing to do.
     
  7. rpmws

    rpmws Well-Known Member

    Joined:
    Aug 14, 2001
    Messages:
    1,824
    Likes Received:
    5
    Trophy Points:
    38
    Location:
    back woods of NC, USA
    your userid username is NOT being broadcasted in any way.
     
  8. matt621

    matt621 Well-Known Member

    Joined:
    Jun 25, 2003
    Messages:
    175
    Likes Received:
    0
    Trophy Points:
    16
    Oh yes it is.

    It's easy to demostate on popular sites. Just DONT set the default address "userid@domain.com" to blackhole or fail and you'll see it.

    On new sites with no traffic, it's only a little bit. But on a site that has real traffic, you'll have 100meg of spam sitting there in a few weeks or months depending on the traffic of the website.
     
  9. rpmws

    rpmws Well-Known Member

    Joined:
    Aug 14, 2001
    Messages:
    1,824
    Likes Received:
    5
    Trophy Points:
    38
    Location:
    back woods of NC, USA
    I won't argue that mail won't wind up in that box. I have a site that has been around for a long time and I check mail on the "default" box. The reason why it gets tons of spam is becuase by default EVERYTHING other than specifically addressed emails that have true pop accounts set up ..it all goes to your main default box. I get about 600 emails a day on this one "default" "master_user" box. If I go through all those emails nowhere do I find the spammers sent to "master_user" . It's all going to tim,tom,terry,toboe,hank,greg,fred ..and so on and on and on. By default the catch-all pointer send severything to that box. So I get tons of dictionary spams. In no way can I see your point in that the "master_user" is being "broadcasted". Maybe I am wrong. Chirpy ..what do you think?
     
  10. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    I can only agree. The point here is that you should always set your Default Address to :fail: regardless. I wish cPanel would make it the default setting in WHM and get rid of :blackhole: too.
     
  11. matt621

    matt621 Well-Known Member

    Joined:
    Jun 25, 2003
    Messages:
    175
    Likes Received:
    0
    Trophy Points:
    16
    but all fail does it just bounce the emails back to some innocent third party. better to just dump them.
     
  12. rpmws

    rpmws Well-Known Member

    Joined:
    Aug 14, 2001
    Messages:
    1,824
    Likes Received:
    5
    Trophy Points:
    38
    Location:
    back woods of NC, USA
    nope ..not true. Think of it like a firewall for your smtp. It works like a RBL would only with different error message. The smtp server on the other end is never allowed to transmit the email to the server.
     
  13. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
  14. rs-freddo

    rs-freddo Well-Known Member

    Joined:
    May 13, 2003
    Messages:
    832
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Australia
    cPanel Access Level:
    Root Administrator
    You can easily set in WHM that all new accounts will be :fail:.
    I like to have the option to choose, so I don't want cPanel to hardwire the setting. It works great the way it is.
     
Loading...

Share This Page