Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

password protect security problem

Discussion in 'Security' started by Snowman30, Jul 17, 2007.

  1. Snowman30

    Snowman30 Well-Known Member
    PartnerNOC

    Joined:
    Apr 7, 2002
    Messages:
    681
    Likes Received:
    0
    Trophy Points:
    316
    cPanel Access Level:
    DataCenter Provider
    I have just been notified by a client that the .htaccess password protect function is playing up on accounts on one of our servers

    lets say you password protect the folder /public_html/admin

    and you set a user as "admin" with a pass of say "foobar"

    well we have found that foo, foob, fooba and foobars all let the user login

    this is very wrong anyone have any ideas as to whats going on?

    we are using the latest CPanel 11 R release
     
    #1 Snowman30, Jul 17, 2007
  2. Gausar

    Gausar Registered

    Joined:
    Oct 17, 2006
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    151
    Cannot reproduce your problem

    I tested on couple of my server and could not reproduce this issue.
    You sure it is not something else.
     
    #2 Gausar, Jul 17, 2007
  3. Snowman30

    Snowman30 Well-Known Member
    PartnerNOC

    Joined:
    Apr 7, 2002
    Messages:
    681
    Likes Received:
    0
    Trophy Points:
    316
    cPanel Access Level:
    DataCenter Provider
    well i dont knwo what else it could be, its just a htaccess password protected directory
     
    #3 Snowman30, Jul 18, 2007
  4. nyjimbo

    nyjimbo Well-Known Member

    Joined:
    Jan 25, 2003
    Messages:
    1,125
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    New York


    Which version of Apache are you running ?
     
    #4 nyjimbo, Jul 18, 2007
  5. Snowman30

    Snowman30 Well-Known Member
    PartnerNOC

    Joined:
    Apr 7, 2002
    Messages:
    681
    Likes Received:
    0
    Trophy Points:
    316
    cPanel Access Level:
    DataCenter Provider
    still running 1.3

    I cant recreate the error other than on this one server which has me completely stumped
     
    #5 Snowman30, Jul 19, 2007
  6. Frimon86

    Frimon86 BANNED

    Joined:
    Jun 4, 2007
    Messages:
    31
    Likes Received:
    0
    Trophy Points:
    156
    This could be a setting inside of your server whm config I think. Have you tried checking your server whm?!?
     
    #6 Frimon86, Jul 19, 2007
  7. nyjimbo

    nyjimbo Well-Known Member

    Joined:
    Jan 25, 2003
    Messages:
    1,125
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    New York
    If you can get one of the offending .htaccess files and upload it here (don't change anything except stuff that might expose your server) that would help.

    Its possible one or more lines is messed up, especially the "require" statement. Its a long shot, but that would explain the error you are seeing.
     
    #7 nyjimbo, Jul 19, 2007
  8. onaweb

    onaweb Well-Known Member

    Joined:
    Jan 1, 2004
    Messages:
    76
    Likes Received:
    0
    Trophy Points:
    156
    Hello,
    I am experiencing the same issue. I have a password of user2007 and you can enter user200, user2008, user2009, user20 - they all let you log in.

    Did anyone find a solution to this issue?

    Thanks,
    Andy
     
    #8 onaweb, Nov 29, 2007
(You must log in or sign up to post here.)
Loading...
Similar Threads - password protect security
  1. Greg M

    How to password protect root / default webpage

    Greg M, Jul 31, 2017, in forum: General Discussion
    Replies:
    8
    Views:
    197
    Greg M
    Aug 11, 2017
  2. Mugoma

    Block 'unprotected' password change

    Mugoma, Apr 21, 2017, in forum: Security
    Replies:
    6
    Views:
    281
    Mugoma
    Apr 27, 2017
  3. basslion

    Password Protecting public_html and Magento issues

    basslion, Mar 30, 2017, in forum: General Discussion
    Replies:
    3
    Views:
    338
    Jcats
    Mar 31, 2017
  4. morrow95

    AutoSSL and password protected domains

    morrow95, Mar 1, 2017, in forum: Security
    Replies:
    3
    Views:
    471
    cPanelMichael
    Mar 3, 2017
  5. SSy

    Access denied for user 'leechprotect'@'localhost' (using password: YES)

    SSy, Feb 21, 2017, in forum: General Discussion
    Replies:
    3
    Views:
    692
    hbouma
    May 21, 2017

Share This Page