Phishing using the /.well-known/ directory

Discussion in 'Security' started by rpvw, Feb 5, 2018.

  1. rpvw

    rpvw Well-Known Member

  2. cPanelNick

    cPanelNick Administrator
    Staff Member

    cPanel doesn't use any special permissions on the .well-known directory so it shouldn't be any more at risk than any other directory.
     
  3. rpvw

    rpvw Well-Known Member

    No need to defend cPanel, nor was there any suggestion of any fault or criticism of cPanel; it was only a 'heads up' that there looked like there was an emerging trend for malware to be hidden in that folder (which is often not seen unless one has made the effort to show hidden files) and even less likely to be regularly inspected. Perhaps hidden files should be enabled by default, with an option to hide them?

    I also wonder if it might be a good idea to have the AutoSSL system generate a security.txt file as recommended, with at least the email address of the cPanel account filled in.
     
  4. sparek-3

    sparek-3 Well-Known Member

    I can't imagine having the user's email address placed in a publicly accessible file (at least without explicit permission and sometimes I wonder if that's even enough - people will click anything) as being a very good idea.

    Basically, if files are being written into the .well-known folder (or any folder) without the account owner's knowledge... that's a security issue and means there's a security issue that the account owner (or web hosting provider, if they are completely managing the account?) would need to rectify.

    I don't really see much of the point of this "news" release. They might as well have headlined this as "WARNING: If you have a website you are at risk of potentially hosting a phishing site".
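
A check for the situation raised in this thread, files appearing under `.well-known` without the account owner's knowledge, as an added example that is not part of any post above and not cPanel's own tooling. It assumes legitimate content is limited to `security.txt` plus extensionless or `.txt` token files in `acme-challenge/` and `pki-validation/`; the function name and that allowlist are hypothetical and should be tuned per server.

```shell
#!/bin/sh
# Added example: report files under any .well-known directory that do not
# look like certificate-validation artifacts.
# ASSUMPTION (tune per server): legitimate content is security.txt, plus
# extensionless or .txt token files in acme-challenge/ and pki-validation/.
# Limitation: file names containing newlines are split across output lines.

# audit_well_known ROOT
# Prints one line per finding: "<reason><TAB><path>"
audit_well_known() {
    root=$1
    find "$root" -type f -path '*/.well-known/*' 2>/dev/null |
    while IFS= read -r f; do
        # Path relative to the innermost .well-known directory
        rel=${f##*/.well-known/}
        # Lower-cased file name, so Update.PHP is treated like update.php
        base=$(printf '%s' "${rel##*/}" | tr '[:upper:]' '[:lower:]')
        case "$rel" in
            security.txt)
                ;;
            acme-challenge/*|pki-validation/*)
                case "$base" in
                    *.txt) ;;   # DCV-style text file
                    *.*)   printf 'non-token-file\t%s\n' "$f" ;;
                esac
                ;;
            *)
                # Anything else, including extra subdirectories and .htaccess
                printf 'unexpected\t%s\n' "$f"
                ;;
        esac
    done
}

# Run against a directory given on the command line, e.g. /home
if [ "$#" -gt 0 ]; then
    audit_well_known "$1"
fi
```

Findings are candidates for review rather than verdicts; anything else that legitimately publishes under `.well-known` on a given server needs its own allowlist entry.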
     
  5. rpvw

    rpvw Well-Known Member
