The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Major Scurity Problem....

Discussion in 'General Discussion' started by JeanGenie, May 13, 2008.

  1. JeanGenie

    JeanGenie Member

    Joined:
    Apr 29, 2008
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    Hi all

    I have taken over a server from a failing company so am a newbie I suppose....

    Anyhow have been plodding along and each time I have a problem do some research and get it sorted but this one has me stumped...

    If you take any domain of my clients on my server and add /cpanel at the end a box appears asking for user and passowrd. If you enter admin and changeme you get access to all the accounts on my server.... I have even asked the server suppliers and they havent got a clue how I reset it to something a lot more secure...

    Does anyone know how I reset it please, I dont want any of my clients to find out..

    Thanks
    JG
     
  2. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Do you have a reseller or user on the system whose username is admin and their password is changeme?
     
  3. JeanGenie

    JeanGenie Member

    Joined:
    Apr 29, 2008
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    I dont belive so but I do have a demo account with the user name admin, but the password I have changed, tho it wasnt changeme in the first place....
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,470
    Likes Received:
    198
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Click the Password Modification icon in your cPanel and change the accounts password. Logout and close your browser then go back and try it again using admin and changeme.

    admin is a bad username to begin with. The "box that appears" is htaccess password protected directory and should be secure if the username and password are not so easy to guess.
    http://httpd.apache.org/docs/1.3/howto/htaccess.html#what
     
  5. JeanGenie

    JeanGenie Member

    Joined:
    Apr 29, 2008
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    I just complete deleted the account and it seems to have stopped it.. Thnaks for your help and the first beer is on me, if ever I get over the pond that is..... thanks
     
  6. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,470
    Likes Received:
    198
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    If I understand you correctly you've taken over an entire server and that server had the cPanel demo enabled? If so I'd disable it via WHM. On the left menu in WHM, at top type in Demo and you'll find the option there. (of course deleting the account would work in the same way I guess) ;)
     

Share This Page