Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Subdomain visible to other accounts

Discussion in 'Bind / DNS / Nameserver Issues' started by brayne, Aug 27, 2017.

  1. brayne

    brayne Member

    Joined:
    Mar 26, 2014
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi there, one of my customers created a subdomain for their account, and placed it inside their home directory. Within that directory, they created a subdirectory called "clientfiles".

    After uploading a few files to this location via FTP, it was then discovered that these files were accessible via some of my other customers' websites, with completely separate cPanel accounts on the same server.

    So, the files were placed at:
    http://subdomain.firstdomain.com/clientfiles/
    (/home/username/subdomain.firstdomain.com/clientfiles)

    And they were accessible via the web, from a completely separate cPanel account (on the same server):
    http://seconddomain.com/clientfiles/

    I don't know how this was even possible. Can someone explain why this would happen, and how I prevent this from happening?

    Thanks in advance,
    Bruce
     
  2. brayne

    brayne Member

    Joined:
    Mar 26, 2014
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Sorry, I need to add a note to this. It turns out, that the files can only be viewed if using an https:// prefix.

    So, the files were placed at:
    http://subdomain.firstdomain.com/clientfiles/
    (/home/username/subdomain.firstdomain.com/clientfiles)

    And they were accessible via the web, from a completely separate cPanel account (on the same server):
    https://seconddomain.com/clientfiles/

    Bur there is no certificate installed for https://seconddomain.com.

    http://subdomain.firstdomain.com has one of those annoying self-signed certificates that seem to get created whether you want them or not. If I delete this certificate, the problem goes away.

    Thanks,
    Bruce
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,127
    Likes Received:
    1,366
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
Loading...

Share This Page