Potential Security Risk?

Frankc (Well-Known Member, Jun 18, 2005)

Hello

I submitted a ticket to Hostgator to warn them about a potential security risk, but you guys can perhaps look into it too.

In short, it seems that a cPanel server can gain access to the root DNS zone of another server via clustering with just a reseller access key on the remote machine, and potentially also a plain hosting account access key.

I opened a reseller account at Hostgator to act as backup for DNS and email of my own server. Discovered that at least the email backup would not be possible, so I "played around" to configure things.

On my dedicated server, I added the reseller account at Hostgator as a cluster server. WHM says it failed because it must be set up on the remote machine too. (Cannot do it because even resellers cannot create clusters.)

The cluster was however actually created and got ALL the DNS entries from the remote server.

That is not what I want, so I deleted the DNS entry on MY machine, to get a message that the entry was deleted on my machine and Hostgator's machine.

I am not sure whether this entry was actually deleted at the remote machine, but anyway I immediately contacted Hostgator to inform them about this.

Just letting you know because it is perhaps a good idea to look into this?

Regards
 

Frankc (Well-Known Member, Jun 18, 2005)

Response from Hostgator:

> While it is true that read access to these zones was granted, you would not have been able to modify them. You would have got permission denied errors when doing so. So read access to the zone is normal and should not be a big security issue.
>
> Best Regards,

When deleting the zone WHM didn't give any errors, but they are perhaps right and nothing was deleted on their machine.

It is however still possible for someone to get info about all the domains on a specific server, so I don't really like it.
 

easyhoster1 (Well-Known Member, Sep 25, 2003)

> Response from Hostgator:
>
> While it is true that read access to these zones was granted, you would not have been able to modify them. You would have got permission denied errors when doing so. So read access to the zone is normal and should not be a big security issue.
>
> Best Regards,
>
> When deleting the zone WHM didn't give any errors, but they are perhaps right and nothing was deleted on their machine.
>
> It is however still possible for someone to get info about all the domains on a specific server, so I don't really like it.

There are multiple sites on the web that can list all domains on a server.

whois.sc comes to mind as just one. Not a big concern.
 

Spiral (BANNED, Jun 24, 2005)

> There are multiple sites on the web that can list all domains on a server.
>
> whois.sc comes to mind as just one. Not a big concern.

Actually the way WHOIS.SC does this is by remembering and storing in a database
the IP address resolved for a hosting site that they come across and then when
you lookup sites, it gives you those database entries with the same IP!

It is not a very accurate way of doing things because it relies on the site already
being previously crawled by WHOIS.SC and also relies on that being current.

It is actually kind of funny because of how much they are wrong all the time.

For example, if I take the IP from my busiest machine which has 800+ active
sites on that machine and run those sites on WHOIS.SC, it comes back and
says there are 38 sites on that machine ---- WRONG! Then it gets even
funnier when some of the sites listed aren't even on that server anymore.

WHOIS.SC completely blows it entirely on all my clustered, mirrored, or
load balancing accounts. Not even close and usually gets the IP wrong!

As a basic information tool, WHOIS.SC is useful but I would not give them
much credit beyond that because their information is far too often inaccurate
or incomplete.
 

DaveUsedToWorkHere (Well-Known Member, Dec 28, 2001)

> Hello
>
> The cluster was however actually created and got ALL the DNS entries from the remote server.
>
> That is not what I want, so I deleted the DNS entry on MY machine, to get a message that the entry was deleted on my machine and Hostgator's machine.
>
> I am not sure whether this entry was actually deleted at the remote machine, but anyway I immediately contacted Hostgator to inform them about this.
>
> Just letting you know because it is perhaps a good idea to look into this?
>
> Regards

Is recursion turned on on either nameserver? If so, anyone could use the nameserver to look up zones and therefore get your zone info. We can look into this if access can be provided to both machines.
 

Spiral (BANNED, Jun 24, 2005)

> Is recursion turned on on either nameserver? If so, anyone could use the nameserver to look up zones and therefore get your zone info. We can look into this if access can be provided to both machines.

Cpaneldave, just a side footnote on that topic ...

Might be smart to set the default on Cpanel to block recursion in the
/etc/named.conf file except to local IPs when it is installed.

I set up dozens of servers every week and I always have to go in and
update this manually on every server since it is not set up by cPanel.

Would save me a step on new server deployments ;)
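An added example, not code from the thread, cPanel or BIND: a small Python audit that reads the options block of a named.conf and flags recursion that is open to arbitrary clients, the check Spiral describes making by hand on every new server, with constructed open and hardened configurations embedded. The function names and the LOCAL_ACLS set are my own.

```python
import re

# Constructed example (not from the thread, cPanel or BIND): audit the options
# block of a BIND named.conf for recursion that is open to arbitrary clients.
# Entries accepted as "local" in allow-recursion; anything else (including a
# named acl we cannot resolve) is conservatively treated as open.
LOCAL_ACLS = {"localhost", "localnets", "127.0.0.1", "::1", "none"}

def options_block(conf: str) -> str:
    """Return the text inside the first options { ... } block, or ""."""
    m = re.search(r"\boptions\s*\{", conf)
    if not m:
        return ""
    depth, i = 1, m.end()
    while i < len(conf) and depth:          # crude brace matching
        depth += {"{": 1, "}": -1}.get(conf[i], 0)
        i += 1
    return conf[m.end():i - 1]

def strip_comments(text: str) -> str:
    """Drop /* */, // and # comments so their contents are not parsed."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def recursion_open(conf: str) -> bool:
    """True if the server will recurse for clients outside the local ACLs."""
    body = strip_comments(options_block(conf))
    rec = re.search(r"\brecursion\s+(yes|no)\s*;", body)
    if rec and rec.group(1) == "no":
        return False            # authoritative-only: nothing to restrict
    acl = re.search(r"\ballow-recursion\s*\{([^}]*)\}", body)
    if not acl:
        return True             # no ACL stated: do not trust the default, flag it
    entries = {e.strip().strip('"') for e in acl.group(1).split(";") if e.strip()}
    return not entries <= LOCAL_ACLS

# Constructed sample configurations: the weak setting and the fix Spiral describes.
OPEN_CONF = """
options {
    recursion yes;
    allow-recursion { any; };   // anyone on the internet may use this resolver
};
"""
HARDENED_CONF = """
options {
    recursion yes;
    allow-recursion { localhost; localnets; };  // only local IPs may recurse
};
"""
```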