Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Phishing and 2factor

Discussion in 'Security' started by bertelschmitt, Jun 5, 2014.

  1. bertelschmitt

    bertelschmitt Member

    Joined:
    Jun 5, 2014
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I am in receipt of a more or less decently made mail that invites me to go to Cpanel.net to "reconfirm my account." Of course, the link does not go there, but to - Removed - (redacted to defang link.)

    This reminds me: When does Cpanel finally get 2factor auth? With it, even a successful phish would be out of water.

    I don';t know what is taking so long to enable 2factor. Cpanel clearly is under attack, and passworded Cpanel sites are very weak links in a big chain. I get 2factor for free with Webmin and sundry other products. Is it too much to ask to request this feature for something for which I am paying no insignificant amounts for two servers?
     
    #1 bertelschmitt, Jun 5, 2014
    Last edited by a moderator: Jun 5, 2014
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,070
    Likes Received:
    348
    Trophy Points:
    433
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Please feel free to sign on to this Feature Request:
    Two-factor Authentication - cPanel Feature Requests

    Here's a blog post by cPanelTravis that may be useful to you:
    How to Minimize and Stop Phishing Emails - cPanel Blog

    The email you mention has been seen many times over the years.

    For anyone reading this thread later, this from a cPanel Blog post in 2011:

    HTH!
     
    #2 Infopro, Jun 5, 2014
  3. bertelschmitt

    bertelschmitt Member

    Joined:
    Jun 5, 2014
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I did read the post many times, and voted in the affirmative. This request is more than a year old. It received a lukewarm welcome, and I am getting the impression that it is being ignored studiously. Will it need a huge disaster for it to be taken seriously? This shouldn't take longer than a week to implement. 1 day of coding, and six days of testing.

    Please let your customers know what is holding you back, or why you don't want this glaringly missing feature.
     
    #3 bertelschmitt, Jun 5, 2014
(You must log in or sign up to post here.)
Loading...
Similar Threads - Phishing 2factor
  1. rpvw

    Phishing using the /.well-known/ directory

    rpvw, Feb 5, 2018, in forum: Security
    Replies:
    4
    Views:
    214
    rpvw
    Feb 5, 2018
  2. mjobrr

    Phishing Activity on Website

    mjobrr, Jul 11, 2017, in forum: Security
    Replies:
    3
    Views:
    326
    cPanelMichael
    Jul 12, 2017
  3. nimonogi

    How can I report a phishing email?

    nimonogi, Feb 13, 2017, in forum: Security
    Replies:
    1
    Views:
    556
    Infopro
    Feb 13, 2017
  4. S3RCE

    Reseller - Phishing Accounts

    S3RCE, Jun 16, 2016, in forum: Security
    Replies:
    11
    Views:
    1,313
    shmeg
    Jan 30, 2017

Share This Page