Potential Security Risk?

Discussion in 'Security' started by Frankc, Jul 6, 2007.

  1. Frankc

    Hello

    I submitted a ticket to Hostgator to warn them about a potential security risk, but you guys can perhaps look into it too.

    In short, it seems that a cPanel server can gain access to the root DNS zone of another server via clustering with just a reseller access key on the remote machine, and potentially also a plain hosting account access key.

    I opened a reseller account at Hostgator to act as backup for DNS and email of my own server. I discovered that at least the email backup would not be possible, so I "played around" to configure things.

    On my dedicated server, I added the reseller account at Hostgator as a cluster server. WHM says it failed because it must be set up on the remote machine too. (I cannot do that because even resellers cannot create clusters.)

    The cluster was, however, actually created and got ALL the DNS entries from the remote server.

    That is not what I wanted, so I deleted the DNS entry on MY machine, and got a message that the entry was deleted on my machine and Hostgator's machine.

    I am not sure whether this entry was actually deleted on the remote machine, but anyway I immediately contacted Hostgator to inform them about this.

    Just letting you know because it is perhaps a good idea to look into this?

    Regards
     
  2. Frankc

    Response from Hostgator

    While it is true that read access to these zones was granted, you would not have been able to modify them. You would have got permission denied errors when doing so. So read access to the zone is normal and should not be a big security issue.

    Best Regards,


    When deleting the zone, WHM didn't give any errors, but they are perhaps right and nothing was deleted on their machine.

    It is however still possible for someone to get info about all the domains on a specific server so I don't really like it.
     
  3. easyhoster1

    There are multiple sites on the web that can list all domains on a server.

    whois.sc comes to mind as just one. Not a big concern.
     
  4. Spiral

    Actually the way WHOIS.SC does this is by remembering and storing in a database
    the IP address resolved for a hosting site that they come across and then when
    you lookup sites, it gives you those database entries with the same IP!

    It is not a very accurate way of doing things because it relies on the site already
    being previously crawled by WHOIS.SC and also relies on that being current.

    It is actually kind of funny because of how much they are wrong all the time.

    For example, if I take the IP from my busiest machine which has 800+ active
    sites on that machine and run those sites on WHOIS.SC, it comes back and
    says there are 38 sites on that machine ---- WRONG! Then it gets even
    funnier when some of the sites listed aren't even on that server anymore.

    WHOIS.SC completely blows it entirely on all my clustered, mirrored, or
    load balancing accounts. Not even close and usually gets the IP wrong!

    As a basic information tool, WHOIS.SC is useful but I would not give them
    much credit beyond that because their information is far too often inaccurate
    or incomplete.
     
  5. DaveUsedToWorkHere

    Is recursion turned on on either nameserver? If so, anyone could use the nameserver to look up zones and therefore get your zone info. We can look into this if access can be provided to both machines.
     
  6. Spiral

    Cpaneldave, just a side footnote on that topic ...

    Might be smart to set the default on cPanel to block recursion in the
    /etc/named.conf file except to local IPs when it is installed.

    I set up dozens of servers every week and I always have to go in and
    update this manually on every server since it is not set up by cPanel.

    Would save me a step on new server deployments ;)
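
An added example, not part of the thread and not cPanel's own code: a small Python audit for the setting discussed in the last post, classifying whether the global `options` block of a `named.conf` restricts recursion. The two configuration samples, the ACL name `trusted` and the function names are constructed for illustration.

```python
import re

# Constructed sample: no recursion statements at all, as on the servers
# described above; who may recurse then depends on the BIND version's default.
STOCK_CONF = """
options {
    directory "/var/named";  // zone files
};
"""

# Constructed sample: recursion limited to local addresses.
# 192.0.2.10 is a documentation address standing in for a server IP.
HARDENED_CONF = """
acl "trusted" { 127.0.0.1; 192.0.2.10; };
options {
    directory "/var/named";
    allow-recursion { trusted; };
};
"""

def strip_comments(text):
    """Drop /* */, // and # comments (assumes no comment markers inside strings)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def options_block(text):
    """Return the body of the global options { ... } block, or ''."""
    m = re.search(r"\boptions\s*\{", text)
    if not m:
        return ""
    depth, i = 1, m.end()
    while i < len(text) and depth:
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        i += 1
    return text[m.end():i - 1]

def recursion_status(conf_text):
    """Classify the global recursion policy; view-level overrides are not examined."""
    opts = options_block(strip_comments(conf_text))
    if re.search(r"\brecursion\s+no\s*;", opts):
        return "disabled"
    m = re.search(r"\ballow-recursion\s*\{([^}]*)\}", opts)
    if m is None:
        return "implicit"   # nothing configured: review this server
    entries = {e.strip().strip('"') for e in m.group(1).split(";") if e.strip()}
    if entries & {"any", "0.0.0.0/0"}:
        return "open"       # any client may use the resolver
    return "restricted"
```

Running `recursion_status` over each server's `/etc/named.conf` and listing every result other than `restricted` or `disabled` gives the set of machines that still need the manual change.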
     