Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Knowing the CPanel version: A Security Hole

Discussion in 'Security' started by Mise, May 15, 2011.

  1. Mise

    Mise Active Member

    May 15, 2011
    Likes Received:
    Trophy Points:
    When blocking the access to some IP ranges using WHM option "Host Access Control", a message appears to non-allowed visitors:
    Access Denied
    The server was configured to not permit you access to the specified resource.  If you believe this is in error or inadvertent, please contact the
    system administrator and ask them to update the host access files.
    whostmgrd/11.2X.XX Server at
    I was not able to locate the HTML code but finally I have seen it is embeded inside /usr/local/ssl/local/cpanel/cpsrvd-ssl and cpsrvd

    Why embeded?. Is there no any possibility to hide the number version?

    With this unsecure feature, it would be better deleting the option "Host Access Control", because this is an invitation to hack the server just by checking the version and the security holes related.
    And if the only solution is keeping the server updated with the ultimate version, then it would be better delete those options to keep "Stable" and old versions.

    What's the security politics to follow when there is not option to hide the CPanel version?

    Why visitors should know these details ?
    What's the purpose of this avoidable announcement?
  2. CookieMonster

    CookieMonster Member

    Oct 25, 2011
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    Root Administrator
    I agree with you, this is very annoying..

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice