Phishing using the /.well-known/ directory

rpvw

Well-Known Member
Jul 18, 2013
1,101
459
113
UK
cPanel Access Level
Root Administrator

cPanelNick

Administrator
Staff member
Mar 9, 2015
3,488
35
208
cPanel Access Level
DataCenter Provider
cPanel doesn't use any special permissions on the .well-known directory so it shouldn't be any more at risk than any other directory.
 

rpvw

Well-Known Member
Jul 18, 2013
1,101
459
113
UK
cPanel Access Level
Root Administrator
No need to defend cPanel, nor was there any suggestion of any fault nor criticism of cPanel, it was only a 'heads up' that there looked like there was an emerging trend for malware to be hidden in that folder (which is often not seen unless one has made the effort to show hidden files) and even less likely to be regularly inspected. - Perhaps hidden files should be enabled by default, with an option to hide them ?

I also wonder if it might be a good idea to have the AutoSSL system generate a security.txt file as recommended, with at least the email address of the cPanel account filled in.
 

sparek-3

Well-Known Member
Aug 10, 2002
2,008
222
368
cPanel Access Level
Root Administrator
I can't imagine having the user's email address placed in a publicly accessible file (at least without explicit permission and sometimes I wonder if that's even enough - people will click anything) as being a very good idea.

Basically, if files are being written into the .well-known folder (or any folder) without the account owner's knowledge... that's a security issue and means there's a security issue that the account owner (or web hosting provider, if they are completely managing the account?) would need to rectify.

I don't really see much of the point of this "news" release. They might as wells to have headlined this as "WARNING: If you have a website you are at risk of potentially hosting a phishing site"
 

rpvw

Well-Known Member
Jul 18, 2013
1,101
459
113
UK
cPanel Access Level
Root Administrator