The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Newbie question about WHM/CPanel security

Discussion in 'Security' started by milbro, Apr 9, 2006.

  1. milbro

    milbro Registered

    Joined:
    Jul 23, 2003
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Hello!

    First, I confess that I am posting this question out of some degree of laziness, since I am confident that, in time, I'm perfectly capable of discovering the answer on my own. But, appreciating that the subject of server security is a vast and dense subject and confident I have put forward some small token against due diligence by having buried myself in the subject, I'm hoping someone might indulge me a moment and save me some time by pointing me in the right direction.

    For the sake of brevity, the short version is that I recently bought a bargain-basement reseller account and have discovered that I am unable to log in securely via "https://myexamplesite.com:2082" (although http works fine). I am severely limited in terms of what I can do with WHM besides apportion disk-space and bandwidth to my domains and lack SSH access, but would prefer to remedy the problem myself if at all possible. Regardless, I want to understand the solution myself, even if my sole recourse is to hassle the guy whom I bought my reseller account from.

    Further, this is a subject I've procrastinated on in such a way as to have been given the worst possible impetus to finally get off my duff: previously, my sites had been hosted by a friend with a similar reseller set-up through the same outfit, and I recently returned from a road trip to discover my site had been hacked and subsequently vandalized. Apparently, someone had broken in using r0nin (a rootkit I still haven't been able to learn much about) and from there, deleted half my database, presumably as a courtesy in order that I might finally learn the error of my slothful ways.

    Since then, I've moved my sites to different machines, installing my embarrassingly outdated backup databases with fresh copies of my scripts, decent passwords and an attempt to create an automated backup system via cron (which hasn't run successfully yet, perhaps for reasons that relate to my inability to log in securely).

    So far, no blood ergo no foul, since this is my hobby and not my livelihood, but if I'm not mistaken, I may as well have simply set everything up with blank passwords and opened up file permissions to the universe at large and its dog, since logging in via http broadcasts everything I do as cleartext.

    So, can anyone point me in the right direction?
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
  3. milbro

    milbro Registered

    Joined:
    Jul 23, 2003
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Yreka!

    Outstanding!

    No idea how I managed to miss that point, except that https://myexamplesite.com/whm/ gave me the same error as when I was attempting to connect with the wrong port.

    Seems like the greatest liability of trying to troubleshoot when one has a little knowledge is the tendency to overlook what one has come to take for granted, convinced that they know what they're doing. :D

    I'm glad it was a simple thing, though.

    Great thanks for the tip, and I'm off to change some passwords. Yay!
     
Loading...

Share This Page