The Community Forums


Possible cPanel security issue

Discussion in 'Security' started by derekg, Jan 17, 2006.

  1. derekg

    Does anyone know how to permanently disable "http" logins into cPanel and only leave "https" logins enabled? We want to only allow SSL connections.

    One of our servers was hacked this morning. We are still searching log files to figure out how. What happened was that the index.html file under one domain on the server was replaced with the hacker's own garbage. This is classic defacing, and the owner of the garbage index file is the domain user.

    So, it looks like the hacker gained access to this one user's login information and logged in through cPanel as the legitimate user would. Indeed, there was a cPanel login that came this morning from a Saudi Arabia computer (most likely hacked too). Also, the password (in /etc/shadow) for the user has been changed by the hacker.

    It looks like the login information was sniffed when the legitimate user logged into cPanel a few minutes earlier. There may be a new script out there that does that.

    If you encounter a similar problem, and have more information as to how the hacker gained access to the user's login information, please post it.

    Also, I find it rather intriguing that upon logging into the cPanel Forums just a few minutes ago to check any new reports on hacking, the first thing I saw was "Welcome to our newest member, cPanel Hacker". Coincidence? Who is this new member "cPanel Hacker" and where is he coming from?
     
  2. WilliamE

    Under tweak settings enable:

    Always redirect users to the ssl/tls ports when visiting /cpanel, /webmail, etc.

    Think that's the one you want.
     
  3. derekg

    The above only works if the user appends /cpanel to his domain name. However, most of our users access cPanel in the form http://www.mydomain:2082.

    The "redirect to the ssl/tls" setting does not work if you access cPanel using port 2082.
     
  4. simplybe

    What if you used the WHM tweak and also blocked port 2082, leaving only port 2083 open? Wouldn't that force users to use SSL?

    You would need to let your customers know, but it would solve the problem.
     
    #4 simplybe, Jan 17, 2006
    Last edited: Jan 17, 2006
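
One way to confirm that the firewall change suggested in the last post took effect, as an added example that is not part of the thread: it reads `iptables-save` output and reports whether a new connection to port 2082 is still accepted and whether 2083 stays open. It assumes an iptables firewall; the sample rules, the function names and the simplified first-match evaluation are constructed for illustration.

```python
import shlex
# Constructed `iptables-save` output for illustration (not from the thread).
SAMPLE_RULES = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2082 -j DROP
-A INPUT -p tcp -m multiport --dports 22,80,443,2083 -j ACCEPT
COMMIT
"""
# Options that limit a rule to some clients; such rules are skipped here.
SCOPED = {"-s", "-d", "-i", "--sport", "--sports", "!"}

def _ports(spec):
    """Expand '22,80,2082:2083' into a set of port numbers."""
    pairs = (p.partition(":") for p in spec.split(","))
    return {n for lo, _, hi in pairs for n in range(int(lo), int(hi or lo) + 1)}

def verdict(rules_text, port):
    """First-match verdict for a new inbound TCP connection to `port` from an
    arbitrary address. Simplified: filter/INPUT only, user chains not followed."""
    table, policy = None, "ACCEPT"
    for line in rules_text.splitlines():
        tok = shlex.split(line)
        if line.startswith("*"):
            table = line[1:].strip()
        if table != "filter" or not tok:
            continue
        if tok[0] == ":INPUT":
            policy = tok[1]  # chain default when no rule matches
        if tok[:2] != ["-A", "INPUT"] or SCOPED & set(tok):
            continue
        arg = lambda *n: [tok[i + 1] for i, t in enumerate(tok[:-1]) if t in n]
        if set(arg("-m")) - {"tcp", "multiport", "comment"}:
            continue  # state/conntrack etc.: does not cover every new connection
        if arg("-p") and arg("-p")[0] not in ("tcp", "all"):
            continue
        target, spec = arg("-j"), arg("--dport", "--dports")
        if target and target[0] in ("ACCEPT", "DROP", "REJECT"):
            if not spec or port in _ports(spec[0]):
                return target[0]
    return policy

def audit(rules_text, plaintext=2082, tls=2083):
    """Problems with the 'block 2082, leave 2083 open' setup from the thread."""
    checks = [(verdict(rules_text, plaintext) == "ACCEPT",
               f"port {plaintext} (plain HTTP) is still reachable"),
              (verdict(rules_text, tls) != "ACCEPT", f"port {tls} (SSL) is not reachable")]
    return [msg for bad, msg in checks if bad]
```

Run it against the real rule set with `audit(subprocess.run(["iptables-save"], capture_output=True, text=True).stdout)` as root; an empty list means 2082 is closed and 2083 is open under the simplifications noted in the comments.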