The Community Forums


Knowing the CPanel version: A Security Hole

Discussion in 'Security' started by Mise, May 15, 2011.

  1. Mise

    Mise Member

    May 15, 2011
    When blocking access to some IP ranges using the WHM option "Host Access Control", a message is shown to non-allowed visitors:
    Access Denied
    The server was configured to not permit you access to the specified resource.  If you believe this is in error or inadvertent, please contact the
    system administrator and ask them to update the host access files.
    whostmgrd/11.2X.XX Server at
    I was not able to locate the HTML code, but I have finally seen that it is embedded inside /usr/local/ssl/local/cpanel/cpsrvd-ssl and cpsrvd.

    Why embedded? Is there no possibility to hide the version number?

    With this insecure feature, it would be better to delete the option "Host Access Control", because this is an invitation to hack the server just by checking the version and the related security holes.
    And if the only solution is keeping the server updated with the latest version, then it would be better to delete the options to keep "Stable" and old versions.

    What's the security policy to follow when there is no option to hide the CPanel version?

    Why should visitors know these details?
    What's the purpose of this avoidable announcement?
  2. CookieMonster

    CookieMonster Member

    Oct 25, 2011
    cPanel Access Level:
    Root Administrator
    I agree with you, this is very annoying.
