Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Phishing using the /.well-known/ directory

Discussion in 'Security' started by rpvw, Feb 5, 2018.

  1. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    819
    Likes Received:
    299
    Trophy Points:
    113
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. cPanelNick

    cPanelNick Administrator
    Staff Member

    Joined:
    Mar 9, 2015
    Messages:
    3,480
    Likes Received:
    30
    Trophy Points:
    158
    cPanel Access Level:
    DataCenter Provider
    cPanel doesn't use any special permissions on the .well-known directory so it shouldn't be any more at risk than any other directory.
     
  3. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    819
    Likes Received:
    299
    Trophy Points:
    113
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    No need to defend cPanel, nor was there any suggestion of any fault nor criticism of cPanel, it was only a 'heads up' that there looked like there was an emerging trend for malware to be hidden in that folder (which is often not seen unless one has made the effort to show hidden files) and even less likely to be regularly inspected. - Perhaps hidden files should be enabled by default, with an option to hide them ?

    I also wonder if it might be a good idea to have the AutoSSL system generate a security.txt file as recommended, with at least the email address of the cPanel account filled in.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,761
    Likes Received:
    116
    Trophy Points:
    343
    cPanel Access Level:
    Root Administrator
    I can't imagine having the user's email address placed in a publicly accessible file (at least without explicit permission and sometimes I wonder if that's even enough - people will click anything) as being a very good idea.

    Basically, if files are being written into the .well-known folder (or any folder) without the account owner's knowledge... that's a security issue and means there's a security issue that the account owner (or web hosting provider, if they are completely managing the account?) would need to rectify.

    I don't really see much of the point of this "news" release. They might as wells to have headlined this as "WARNING: If you have a website you are at risk of potentially hosting a phishing site"
     
  5. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    819
    Likes Received:
    299
    Trophy Points:
    113
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice