shell users can access cpanel.

ike

Well-Known Member
Apr 22, 2003
47
0
156
i recently had a user tell me they could get on cpanel even though they dont have a webhosting account with me. they have a shell account they run a psybnc. but when he went to domain.com/cpanel and the login came up his shell login and password logged him into cpanel. while i checked this out and it was true. he had no settings and there were errors as he didnt have any setup to work with i was still troubled that he could get into this. Is this a normal thing and can it be exploitable and if so is there a way to stop this?
 

cPanelDavidG

Technical Product Specialist
Nov 29, 2006
11,212
13
313
Houston, TX
cPanel Access Level
Root Administrator
i recently had a user tell me they could get on cpanel even though they dont have a webhosting account with me. they have a shell account they run a psybnc. but when he went to domain.com/cpanel and the login came up his shell login and password logged him into cpanel. while i checked this out and it was true. he had no settings and there were errors as he didnt have any setup to work with i was still troubled that he could get into this. Is this a normal thing and can it be exploitable and if so is there a way to stop this?
cPanel authenticates against system users. If you created a system user for that individual (which it sounds like you did), then they would be able to login via cPanel and experience the errors you mentioned.