The Community Forums

Interact with an entire community of cPanel & WHM users!

Insecure access to cPanel

Discussion in 'E-mail Discussions' started by jez9999, Apr 3, 2006.

  1. jez9999

    jez9999 Well-Known Member

    Joined:
    Jun 10, 2005
    Messages:
    87
    Likes Received:
    0
    Trophy Points:
    6
    Unfortunately, it seems I've just been the victim of somebody traffic sniffing who has gained access to my webmail and deleted some of my e-mail.

    It's kind of made me realise how insecure cPanel is by default, which is a shame - I think it should be 100% secure by default and if you want to open it up, the onus is on you, not the other way round.

    Anyway, as I have to secure it myself, could some knowledgeable person/people tell me what insecure ways there are to access cPanel and how to shut them off? So far I can think of unencrypted WHM session, unencrypted cPanel session, unencrypted webmail (Horde, squirrelmail, Neomail), unencrypted POP3 / SMTP auth.
     
  2. mctDarren

    mctDarren Well-Known Member

    Joined:
    Jan 6, 2004
    Messages:
    664
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    New Jersey
    cPanel Access Level:
    Root Administrator
    Log into WHM, click 'Tweak Settings', scroll down to 'System' and check the box next to Always redirect users to the ssl/tls ports when visiting /cpanel, /webmail, etc.
     
  3. hostmedic

    hostmedic Well-Known Member

    Joined:
    Apr 30, 2003
    Messages:
    559
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Washington Court House, Ohio, United States
    cPanel Access Level:
    DataCenter Provider
    default.

    So many people expect cPanel to provide 100% security.
    Windows by default does not do that.
    Neither does Helm (commonly called Helpme) as well as Ensim (Both Windows and Linux) Plesk (both Windows and Linux) etc...

    I would suggest first using the SSL ports - as shown above as well as turn off telnet - and setup using SSH 2

    There is a great website to help you get started on this (or purchase services from someone like Chirpy or PlatinumServerManagement)

    the website is http://www.webhostgear.com/cid_4.html

    Hope that helps . . .
     
  4. ahbao

    ahbao Member

    Joined:
    Mar 4, 2003
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    If you mean traffic sniffing, isn't it your responsibility to use a secure connection, or tighten your PC security?
     
  5. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,478
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Some of your email? Not all of your account? Lucky I guess.

    What was your password? password?:rolleyes:

    These forums and others are full of threads on how to work with cPanel and lock it down the best you can. You might want to look around for those.
     
  6. jez9999

    jez9999 Well-Known Member

    Joined:
    Jun 10, 2005
    Messages:
    87
    Likes Received:
    0
    Trophy Points:
    6
    Nope, it was a perfectly secure password. It looks like they either got it via packet sniffing, or have been using some weird vulnerability in exim or cppop to delete my mail (I have noticed some SMTP connections to my server from IP addresses from my workplace, and there's a recurring SMTP data timeout in the exim maillog file, again with the source IP address from my workplace). All looks very suspicious. In addition, should the entropychat and melange (port 6666) chat servers be running? It looks like they may be being used by a hacker, unless cPanel runs these by default.
     
  7. Kerstin

    Kerstin Well-Known Member

    Joined:
    Apr 9, 2005
    Messages:
    136
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Berlin
    I have similar problems with access to cPanel :(

    A slow internet connection or some websniffers ;) .

    I believe the connection should be secure within SSL and so on.
     
    #7 Kerstin, Apr 6, 2006
    Last edited: Apr 6, 2006
  8. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Security is your responsibility as a server admin. By default, cPanel does indeed offer secure connection to the inherently insecure protocols such as POP3, IMAP and FTP, by offering SSL secured ports for each. It's your responsibility to use them. If you have a packet sniffer on your local network, you have some very severe and urgent local network security problems that you should be addressing too.

    Entropy chat and Melange will be running if you've configured the server to do so. It's your responsibility to not run any services that you're not using to prevent potential exploitation and to firewall them off if you cannot stop them from running (which doesn't include the latter 2).
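
An added example, not part of any post in this thread: a small audit that reads `ss -tln` output and lists the cleartext service ports discussed above that are still reachable off-host, with the TLS port to use instead. The port map uses the well-known cPanel, WHM, webmail and mail ports plus the Melange port 6666 named in the thread; the `ss` output is a constructed sample and the `audit` helper is hypothetical.

```python
# Cleartext port -> (service, TLS alternative or None if it should simply be closed).
# Ports are the well-known cPanel/WHM defaults; 6666 is the Melange port from the thread.
CLEARTEXT = {
    2082: ("cPanel", 2083),
    2086: ("WHM", 2087),
    2095: ("Webmail", 2096),
    110: ("POP3", 995),
    143: ("IMAP", 993),
    23: ("telnet", None),
    6666: ("Melange chat", None),
}

# Constructed sample of `ss -tln` output (not taken from a real host).
SAMPLE = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:2082        0.0.0.0:*
LISTEN  0       128     0.0.0.0:2083        0.0.0.0:*
LISTEN  0       128     0.0.0.0:2087        0.0.0.0:*
LISTEN  0       128     127.0.0.1:2086      0.0.0.0:*
LISTEN  0       128     0.0.0.0:110         0.0.0.0:*
LISTEN  0       128     [::]:995            [::]:*
LISTEN  0       128     0.0.0.0:6666        0.0.0.0:*
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
"""

LOOPBACK = ("127.", "[::1]")  # listeners bound here are not reachable off-host


def audit(ss_output):
    """Return sorted (port, service, advice) for cleartext ports listening off-host."""
    exposed = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header or non-listening socket
        addr, _, port = fields[3].rpartition(":")
        if port.isdigit() and not addr.startswith(LOOPBACK):
            exposed.add(int(port))
    findings = []
    for port in sorted(exposed & CLEARTEXT.keys()):
        service, tls = CLEARTEXT[port]
        advice = f"use TLS port {tls}" if tls else "stop or firewall"
        findings.append((port, service, advice))
    return findings


if __name__ == "__main__":
    for port, service, advice in audit(SAMPLE):
        print(f"{port:>5}  {service:<13} {advice}")
```

On a live server, pass the real output of `ss -tln` to `audit()` in place of `SAMPLE`.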
     
  9. HostMerit

    HostMerit Well-Known Member

    Joined:
    Oct 24, 2004
    Messages:
    160
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    New Jersey, USA
    cPanel Access Level:
    DataCenter Provider
    Judging as your local network security is not even 'sub-par', I wouldn't be surprised if you had a keylogger on your machine... Then again it's possible PEBKAC. :rolleyes:
     
  10. Kerstin

    Kerstin Well-Known Member

    Joined:
    Apr 9, 2005
    Messages:
    136
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Berlin
    Surely it is anybody's problem to secure their own server or PC and the internet connection. :eek:
    But it is irksome when some bad W-LAN or a paged site crampling the connection to
    websites, servers and forum(s). :rolleyes:
     