ozzi4648
Guest
I mentioned this before in one of the other threads and I'll say it again. BEWARE! Of any account you create in WHM that you turn into a demo account.
There is a huge security risk here. I mentioned a while back that an account I created on my server called demo.primenet.cc, used to demo the account to would-be clients, one day mysteriously disappeared from my server. Now I know how it was done. It's simple. Anyone can ftp to my demo.primenet.cc account and not only access the account but also DELETE the entire directory structure. I tested it on my server today.
I just don't understand something. When creating accounts through WHM, amongst many other options, you can specify how many ftp accounts can be created under that account. Even if you say 0, WHM will create 2 by default!!!! Why is that? That means anyone can ftp to your accounts whether you have specified they get an ftp account or not!
Don't believe me, try it!
Dgbaker, although I am not a malicious user, I was able to ftp to your demo site and I could have deleted everything.
I would highly recommend that everyone disable their demo accounts if active. It's really a huge security risk!
One possible way of avoiding this is to chown the entire demo account directory structure to root, but this is not an alternative.
I would have thought that when one specifies an account as demo, this is what happens anyway, to prevent people from changing and modifying files and directories.