MAJOR cPanel Exploits!!!!11

Discussion in 'General Discussion' started by acer2k, Feb 22, 2003.

  1. sexy_guy

    I doubt it!
     
  2. Website Rob

    Being as it was Feb. when the above script was made available, I'm wondering about the results from those who have used it.

    Contrary to what was mentioned previously, on not being able to create 'unlimited' Web space or Data Transfer (as there is "no such thing" it makes perfect sense to me), I would like to know, if using it on a production Server caused any problems.
     
  3. rnh

    Good. One problem down, 500 to go.
     
  4. rmj

    I'm not too sure it's fixed actually. I was on my reseller server browsing around and found a reseller had set an account to use 20gig more than what their allotment is... all they had to do was change the bandwidth limit and set it to what they want.. doesn't reference their reseller limits I guess *shrug*. In the time being I disallowed manual quota and bandwidth edits; they are forced to change the package (kinda crappy but that's the only solution I can think of until darkorb makes anything that changes bw or quota cross reference against the reseller's limits)
     
  5. rnh

    I should have known not to take a company seriously that calls themselves darkorb.

    Probably a couple of PC Gamers sitting in the basement of their mom's house working on cPanel during the breaks of the games in their LAN parties playing Everquest. And collecting $75 @ month from each of us fools using cPanel.
     
  6. Silverado

    I agree with thaphantom..... And..... why would you use something you don't like or trust? I for one have no problems... and any that are encountered are easily fixed using forums.

    Someone is definitely in the basement of their Mom's house...... but it's not cPanel. And I can only see one fool using cpanel in this thread!
     
  7. rnh

    Hmm, that's why there's so many threads in here with so many bug reports and security exploit reports and people saying things like "I had 7 cPanel servers hacked into this week"? That's why there's 10 times as many complaints in these forums as Ensim's forums and Plesk's forums combined?
     
  8. dgbaker

    Again, if people don't like it and are not happy, leave and go get another product. But stop complaining; no one is forcing any of you to use the product. You don't like it, get something else.

    As stated by thaphantom and silverado, the product works well for the majority, ourselves included. It also helps if you know Linux or FreeBSD as well; as has been stated in the past, this is not meant to replace system administrators. You still have to know what you're doing on the server side.

    We mainly have cpanel ONLY for the client side of it. Most "WHM" stuff we do from shell.

    Enough said.
     
  9. rnh

    What do you work for cPanel or something? Since when do people not have a right to complain about something that they paid good money for that doesn't work properly?

    And this has nothing to do with my knowledge of my OS. This has to do with closed source software having bugs. I don't care how good of a sys admin you are, it isn't going to do any good unless you want to decompile cPanel and go through and fix its problems yourself.

    But then you might as well write your own control panel.
     
  10. rnh

    Because I already paid (A LOT of money) for it after I was told by people like you that are so loyal to this software for some unknown reason "cPanel is so great"

    Oh I'm sorry I didn't realize that all the money that we paid for this software was going to the kind people that volunteer their help in these forums to help figure out how to fix the shortcomings of the cPanel programmers that so graciously take our money.

    Yes and I never see anyone complaining about cPanel because it's just so super and terrific, right? and EVERYthing works perfectly!

    to quote you from another thread
    Now don't get me wrong I like cPanel, I just think that there should be a lot more for how much money it costs. Even at RS it costs $20 @ mo. extra over Ensim.

    I stopped using Ensim because they were too slow to update their RPMs, but they are better at that now. At least Ensim runs CHRoot environment, it's ridiculous that cPanel doesn't.

    I left Plesk because it's a confusing control panel that end users don't understand.

    cPanel has a couple of problems that I don't like:
    The prices are too high for software this buggy
    There is no chroot, this is ridiculous for virtual hosting
    Updates do not appear to be tested thoroughly (hence the comments about this company being nothing but some kids working out of their parent's basement) and every time you update, cross your fingers and hope that the version you're upgrading to doesn't have major vulnerabilities or bugs.

    I was told by cPanel users before I switched that cPanel saves you time but so far 75% of my time has been spent filing bug reports with cPanel.

    I agree with a comment that you made in another thread that cPanel is way ahead of the other control panels, however maybe they should slow down and pay attention to details and make sure that things work. I'm just sick of getting complaints from users "this doesn't work in the control panel" or "that doesn't work in the control panel" ooops, there's another thing I have to remove from my cPanel skins, some other feature that doesn't work.

    Hopefully you can understand how this gets old and annoying.

    I think that cPanel has great potential and is going to be an awesome control panel, but at the moment I feel like I paid a bunch of money for beta software.

    A lot of bugs have been fixed since I started using cPanel however there's a lot left that haven't been, so I'll continue to be stressed out by this software that I paid so much money for until they're fixed.
     
  11. Silverado

    Well don't just clip a little snippet of my line without showing the whole thing!
    Go ahead and copy and paste where I love cPanel and will not bitch about it.
    It is a free world and you may bitch all you want..... of course there are those that are loyal and enjoy a good working cpanel, but this also requires a little work on your part as stated above by dgbaker.
    By the way....... that was off my EXIM post. Thank you.
    And Nick ICQ'd me directly and showed me the error which was 100% on my part as I did well post without any shame.
    And, I was honored that Nick contacted me! It shows he is a true professional and deeply concerned about issues!
     
  12. portman

    RHN,

    Sure you can vent all you want...just try to take your own medicine when someone posts in disagreement. ;)
     
  13. Website Rob

    rnh, although some of your points are valid, I think it is understood that you are mostly venting some of your frustrations with the DarkOrb Control Panel -- which we all do and sometimes regret later.

    It may seem like DarkOrb is run by 3 or 4 people, but I'm sure they have more than that. ;) No Control Panel is free of bugs or problems, but I have noticed -- especially in Server related Control Panels -- a lot of "bugs & problems" are posted by people not knowing what they are doing and even worse, not taking the time to learn. Thinking a Control Panel will allow one to properly manage/maintain a Server, is a sure road to disaster. This does not apply to everyone though, as we are all at various levels of experience and knowledge. Not trying to learn more about something we pay for and/or having problems with, makes no sense. Hence the reason, why Forums like this are so handy. Doing some basic troubleshooting on a problem and providing good info in a post (what they are using, what was done, current results, etc.) would go a long way to a better Forum -- for everyone.

    How about a company called Microsoft?

    If you want to talk about paying for 'buggy' software, Microsoft is still #1 in that area. Also still #1 in Desktop OS software and hopefully, will never be #1 in Server software! Nice to see (on a program I watched over the weekend) new laws in the U.S. are being discussed, to force ALL software makers to be LIABLE for their software. Microsoft is, of course, trying to put a PR spin on this by saying; it would increase costs, be detrimental to the software industry, etc., etc. The fact that it would force them to provide better software is not their concern I guess. Gamers have long complained about 'buggy' software and yet, the creators of Game software still put out a lot of 'problem' product -- and people still pay for it. Just one of the reasons though, why Pirating is so big, but that's another story.

    I think we can agree that any Forum provided by a software maker is going to have posts that complain about the product. Even though, and this applies to the DarkOrb product, the software may be 90% - 95% effective and working properly, there will always be those of us who will find something to complain about.

    Ending on that note, my personal, top listing complaints for WHM/Cpanel are: make sure current features work before adding new ones (which goes without saying, new features should also be well tested and work correctly) and to provide accurate & current documentation for their product.
     
  14. rcohen

    While ALL software has bugs, you can not compare MOST MS software or GAMING software to the software being provided by the cPanel people. Why? Because people's livelihood$ DEPEND on cPanel. Thus the term "reseller" ;-) Things not working well is ONE thing, but allowing users to "steal" from providers of services is not, in my opinion, at ALL acceptable for "PROFESSIONAL" software.

    So, the question now becomes... is cPanel / WHM professional software? For the price, it damn well SHOULD be. It was recently discovered by users of MY resellers group, that from WHM, you can create a sub-domain of ANYONE ELSE'S domain on the server you are on. While the space and resources will still come from YOUR account, one's IDENTITY can be STOLEN. Is THIS professional? WHM should check for OWNERSHIP of a domain before allowing a SUBDOMAIN to be created FOR IT.

    I like cPanel... I honestly do. But the company is either going to have to crack down and take itself seriously, or fizzle out as a "fad" product once the professionals using it determine that it's not worth the headache anymore. Come on guys.... if you can't handle these issues personally and effectively, then hire someone who can! I'd kinda like to see you around five years from now.

    rc
     
  15. dgbaker

    If it is the reseller creating it as a "new account" of course it is allowed, the reseller has full rights to create accounts. We have some subdomains that are purposely created as separate accounts. This is not a flaw but a feature that we enjoy. If you have resellers willing and wanting to "steal" identities then maybe you should look at not having them as resellers.

    As far as I know the only ones that can do this are root and resellers if they have the create a new account option. You cannot blame cpanel for resellers not having ethics.
     
  16. rcohen

    No, I am ONE of many resellers on the server... I am not the server owner. There are.... about 30 other resellers on board. And yes, IF caught, then the owner of the server would indeed take action, HOWEVER.... there is no way to KNOW if someone HAS created a subdomain in your main domain's name, unless by pure chance..... so the risk of getting caught is slim. You mean to tell me that FROM WHM, you can't devise a script that checks if a root domain is OWNED by the WHM account being used, before permitting the creation of such an account? If it can't... then how am I supposed to view REAL security issues under the WHM system?

    That's like telling the owner of a car having broken locks, not to park the car in bad neighborhoods, rather than just fixing the lock. ;)
     
  17. Silverado

    Actually it only takes a few minutes to check it out on your WHM if you are the server admin. I look at the subdomains every day to make sure nobody is putting safelists, porn..... etc..etc. on my servers.
    But never-the-less...... Dgbaker is right on. The World is full of crooks and nar-do-gooders! You can't live a life watching over your shoulder.... but it does help to have a good head on them.
    If your server admin didn't catch it I would have to wonder about his concern for security!
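
Added example, not part of any post in this thread and not cPanel's own code: a server admin's audit for the case discussed in the last few posts, an account hostname that sits under a domain controlled by a different reseller. It assumes "key: value" mapping lines modelled on the cPanel files /etc/trueuserdomains (domain: user) and /etc/trueuserowners (user: owner); the function names and all sample data are constructed for illustration.

```python
# Added example: audit for hostnames created under another owner's domain.
# Assumption: "key: value" lines modelled on the cPanel mapping files
# /etc/trueuserdomains (domain: user) and /etc/trueuserowners (user: owner).

# Constructed sample data.
SAMPLE_DOMAINS = """\
example.com: alice
shop.example.com: mallory
blog.example.com: alice2
notexample.com: bob
Widgets.example.net.: carol
"""
SAMPLE_OWNERS = """\
alice: reseller1
alice2: reseller1
mallory: reseller2
bob: reseller2
carol: root
"""


def parse_map(text):
    """Parse 'key: value' lines, skipping blanks, '#' comments and junk."""
    result = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        result[key.strip().lower().rstrip(".")] = value.strip()
    return result


def find_foreign_subdomains(domain_to_user, user_to_owner):
    """Return (child, child_owner, parent, parent_owner) for every account
    domain that sits under a domain held by a different owner."""
    findings = []
    for child, child_user in sorted(domain_to_user.items()):
        labels = child.split(".")
        # Walk up on label boundaries: notexample.com never matches example.com.
        for i in range(1, len(labels) - 1):
            parent = ".".join(labels[i:])
            parent_user = domain_to_user.get(parent)
            if parent_user is None:
                continue
            child_owner = user_to_owner.get(child_user, child_user)
            parent_owner = user_to_owner.get(parent_user, parent_user)
            if child_owner != parent_owner:  # same reseller is treated as allowed
                findings.append((child, child_owner, parent, parent_owner))
    return findings


def audit(domains_text=SAMPLE_DOMAINS, owners_text=SAMPLE_OWNERS):
    return find_foreign_subdomains(parse_map(domains_text), parse_map(owners_text))
```

On the sample data, `audit()` reports only `shop.example.com`; `blog.example.com` is a separate account under the same reseller, the deliberate setup described earlier in the thread, so it is not flagged.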
     
  18. phantom

    Not sure about the second one but the first issue is simple. Set all of your reseller accounts with something small like 50mb of space and 3gb of bandwidth. After they sign up, ask them how much they want for their master account. Let's say they want 300 mb of space and 10 gb of bandwidth.

    So add 250 mb of space and 7 gb of bandwidth to their master account and apply the rest of their resources to their reseller resources.

    That is not a security exploit in the least.
     
  19. Blue Optic

    What I do...is create an account like

    reseller287.com w/10mb of space 10mb/bandwidth


    then allow the user to create their own domain w/the specifications they want..
     