The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

POST /backend/passwordstrength.cgi ?

Discussion in 'Security' started by jols, Aug 13, 2010.

  1. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    38
    Is there any reason the cPanel system would be showing stuff like this in the Apache access logs?

    --------------
    68.108.57.47 - - [11/Aug/2010:15:44:07 -0500] "POST /backend/passwordstrength.cgi HTTP/1.1" 200 46
    68.108.57.47 - - [11/Aug/2010:15:44:08 -0500] "POST /backend/passwordstrength.cgi HTTP/1.1" 200 46
    68.108.57.47 - - [11/Aug/2010:15:44:09 -0500] "POST /backend/passwordstrength.cgi HTTP/1.1" 200 47
    68.108.57.47 - - [11/Aug/2010:15:44:09 -0500] "POST /backend/passwordstrength.cgi HTTP/1.1" 200 47
    68.108.57.47 - - [11/Aug/2010:15:44:09 -0500] "POST /backend/passwordstrength.cgi HTTP/1.1" 200 47
    68.108.57.47 - - [11/Aug/2010:15:44:22 -0500] "POST /backend/passwordstrength.cgi HTTP/1.1" 200 47
    68.108.57.47 - - [11/Aug/2010:15:44:22 -0500] "POST /backend/passwordstrength.cgi HTTP/1.1" 200 47
    68.108.57.47 - - [11/Aug/2010:15:44:23 -0500] "POST /backend/passwordstrength.cgi HTTP/1.1" 200 46
    68.108.57.47 - - [11/Aug/2010:15:44:31 -0500] "POST /backend/passwordstrength.cgi HTTP/1.1" 200 46
    68.108.57.47 - - [11/Aug/2010:15:44:31 -0500] "POST /backend/passwordstrength.cgi HTTP/1.1" 200 47
    68.108.57.47 - - [11/Aug/2010:15:44:33 -0500] "POST /backend/passwordstrength.cgi HTTP/1.1" 200 47
    68.108.57.47 - - [11/Aug/2010:15:44:33 -0500] "POST /backend/passwordstrength.cgi HTTP/1.1" 200 47
    68.108.57.47 - - [11/Aug/2010:15:44:40 -0500] "POST /backend/passwordstrength.cgi HTTP/1.1" 200 47
    68.108.57.47 - - [11/Aug/2010:15:44:41 -0500] "POST /backend/passwordstrength.cgi HTTP/1.1" 200 47
    68.108.57.47 - - [11/Aug/2010:15:44:42 -0500] "POST /backend/passwordstrength.cgi HTTP/1.1" 200 47
    --------------

    I'm inclined to block the IPs I find in such log entries, but I first wanted to check to make sure this is no something legitimate.

    And no, we have not made any changes to the password strength setting in WHM. The IP listed in the entries is for sure not our office IP
     
  2. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,458
    Likes Received:
    22
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    This happens when users interact with WHM or cPanel via the proxy virtualhost. The requests are handled by Apache and feed to cpsrvd via localhost on the proper port.
     
  3. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    38
    Thanks for your response. Questions:

    1 -- "..or cPanel via the proxy virtualhost." What does that mean? Could simply entering a password for a newly created email account trigger this kind of log entry?

    and

    2 -- Yes but dozens of times per minute, and in some cases twice per second? (As you can see with the sample log entries I posted.)
     
  4. cPanelNick

    cPanelNick Administrator
    Staff Member

    Joined:
    Mar 9, 2015
    Messages:
    3,426
    Likes Received:
    2
    Trophy Points:
    38
    cPanel Access Level:
    DataCenter Provider
    This is normal. Every time you enter a new character it has to recalc the strength.
     
  5. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,458
    Likes Received:
    22
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    Sorry, I left that part out of my explanation.

    The POST entries come from any interface in cPanel or WHM that performs a measurement of a passwords strength.

    Some examples:

    1. Creating a new account in WHM
    2. Changing an email password
    3. Creating a MySQL virtual user

    Each new character in the password field causes the proposed password to be sent via an AJAX call to the passwordstrength.cgi script.

    For example if the password is temp123 then 7 separate calls will be made to passwordstrength.cgi to measure the password as it is at the moment the character is entered. Using temp123 the following strings are sent to passwordstrength.cgi for measuring:

    • t
    • te
    • tem
    • temp
    • temp1
    • temp12
    • temp123

    For each of the items in the above list a corresponding POST to passwordstrength.cgi will exist in the Apache access log.

    If a user is interacting with cPanel directly then the POST entries will be in the cPanel access log.

    The Proxy VirtualHost is a feature we implemented in 11.24 that allows login to cPanel, WHM and Webmail via port 80 using one of the following URLs:

    cpanel.example.com
    whm.example.com
    webmail.example.com

    Substitute example.com for any of the domains on the server.
     
  6. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    38
    Okay doke. Makes sense now. Thanks to your both for the response to my question.
     
Loading...

Share This Page