Turn Password off For cPanel Account

Discussion in 'General Discussion' started by cardine, Jun 18, 2006.

  1. cardine

    cardine Member

    Joined:
    May 17, 2006
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    I have mysite.com, and I want to make it so that you do not have to log-in to cPanel.
    I want everybody to be able to access all of cpanel on mysite.com without having to go through verification.
    I can secure cPanel through other means, so may somebody let me know if this is even possible (could I do this by editing a file in cPanel since I have root access), and if it is possible could you explain to me how to do it, or at least point me in the right direction?

    Thanks! :D
     
  2. bluejeans

    bluejeans Member

    Joined:
    Nov 16, 2005
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    :) Do U want to Uncontrol A Controlled Panel?

    :eek: :) Do U want to Uncontrol A Controlled Panel?
     
  3. mctDarren

    mctDarren Well-Known Member

    Joined:
    Jan 6, 2004
    Messages:
    664
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    New Jersey
    cPanel Access Level:
    Root Administrator
  4. cardine

    cardine Member

    Joined:
    May 17, 2006
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    Is there a specific function that cURL supports that allows me to do this?

    I went through the site, and it seems like it could send user/password data behind the scenes, but it doesn't seem like it removes the username/password system completely.

    Is this what you think I should do? Is it just too impractical to completely get rid of a cPanel password?

    Thank-you for your help so far! :D
     
  5. webignition

    webignition Well-Known Member

    Joined:
    Jan 22, 2005
    Messages:
    1,880
    Likes Received:
    0
    Trophy Points:
    36
    Out of curiosity, why do you want to do so?
     
  6. cardine

    cardine Member

    Joined:
    May 17, 2006
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    To secure my site :)

    What I am doing is I am creating a script in which users can create accounts and then use everything that cPanel lets them do (databases, email, etc.). So I have one master account (since they will be given subdomains) and I have all of their stuff on one account. So I am using databases to remember which user has created which database, and to make sure none are created twice.

    So now the tricky part is getting them logged into cpanel so I can do my manipulation (the actual manipulation is done through Iframes that have encrypted source code). For some reason the log-in doesn't work through iFrames, and I was thinking about doing a popup. This however leaves my username and password wide open.

    So I thought why not just change the names of all of the cpanel files (so nobody could use them even with the username and password since my iFrames are encrypted) and then get rid of the login system altogether.

    Then I could log-in by typing in http://www.mysite.com:2082/frontend/x/jaofijijojojo.html which is actually index.html (index.html is replaced with a script that closes itself in 5 seconds).

    So to me this would actually be the most secure way since I have changed all of the paths of cPanel, and the login is the only thing that worries me.

    I guess I could let everybody see my login since all of the names are switched around, but this is much more tedious and complex IMO.

    It is basically a crazy and complex way (but it seems completely practical and do-able) to secure my site :D
     
    #6 cardine, Jun 19, 2006
    Last edited: Jun 19, 2006
  7. timdorr

    timdorr Well-Known Member
    PartnerNOC

    Joined:
    Jul 9, 2002
    Messages:
    93
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Atlanta, GA
    Wait, stop right there. There's *no* such thing as encrypted source code with HTML. I can tell you right now, without even looking at what you've done, that it's going to be easily hackable.

    You're better off writing a frontend using PHP and HTTP_Client (http://pear.php.net/package/HTTP_Client)
     
  8. cardine

    cardine Member

    Joined:
    May 17, 2006
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    Hmmm...
    I was under the impression that this site http://www.protware.com would work.
    Are you absolutely sure that this will not encrypt the html to an unreadable degree?

    However if you think that even that is insecure I will take a look at the link you posted.
     
  9. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Their claims are simply wrong. As timdorr says, you cannot encrypt HTML - otherwise your web browser would not be able to display it. All they're doing is encoding the HTML which basically obfuscates the text. If your web browser can decode it, then you can decode it. While it might take a little bit of effort, it's not impossible and it's certainly not secure - security through obscurity should not be relied upon.
     
  10. electric

    electric Well-Known Member

    Joined:
    Nov 5, 2001
    Messages:
    697
    Likes Received:
    1
    Trophy Points:
    18
    I agree with the above. The "www.protware.com" website merely obfuscates the html code. It makes it "more difficult" for the average person to view the simple source.

    But it can still be easily done, especially since protware.com is "open" code itself and the hacker could fairly simply see what kind of obfuscation techniques are being used.

    There is NO WAY to encrypt html code that arrives at the end-user's browser. If there were, then you would 100% absolutely need a corresponding "decrypter" to be installed on your user's browser. This would then have the secret "decryption" method, etc. (unlock keys, etc.)

    This is basically how SSL (https) works. It is encrypted on the server, and then decrypted in the web browser, because the web browser ALREADY has the decryption information in it, etc... That's why SSL certs don't work for EVERY browser... because the browser must already have the required decoder. (I know it's more complicated than this, but I'm just throwing out an example.)

    Anyway, to accomplish what you want, you could use the cpanel un/pw in your URL, like this:

    http://username:password@www.domain.com/frontend/x2/index.html

    But again... you're asking for trouble if you continue down the path you're on. Plain and simple. You can NOT encrypt your html code that arrives at the browser. It just can't be done. The system wasn't designed this way. (Although many wish it were!) The best you can hope for is to make it "more difficult" to hack your code. But a good hacker will have absolutely no problem to do this.

    :(
     
  11. cardine

    cardine Member

    Joined:
    May 17, 2006
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
  12. electric

    electric Well-Known Member

    Joined:
    Nov 5, 2001
    Messages:
    697
    Likes Received:
    1
    Trophy Points:
    18
    Look into the socket commands.

    fsockopen() I think ...
     
  13. mctDarren

    mctDarren Well-Known Member

    Joined:
    Jan 6, 2004
    Messages:
    664
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    New Jersey
    cPanel Access Level:
    Root Administrator
    Actually what I think you should do is stop trying to re-invent the wheel (with a square one), but I digress - hehe. Yes, curl will allow you to do a post behind the scenes and return the resulting page. I like the way it works, it handles cookies, SSL and will return a page within a var for you to manipulate if needed. Hope it helps...
     
  14. cardine

    cardine Member

    Joined:
    May 17, 2006
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    Well I had been looking into it after you recommended it and when I got PHP recently updated to PHP5 it came with cURL :D

    I came up with this solution:
    To avoid showing the entire cPanel file I will just copy another one into the cPanel directory and rename it (ex. doaddftp.html would be copied and renamed to doaddftp111.html) and this copied file will only include the actual processing (so it will not have the cPanel links and pictures but it will do all of the cPanel functions).

    So I then created this standard code off of their tutorial/demo:
    PHP:
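    // Create the cURL handle.
    $ch = curl_init();

    // Request the copied cPanel page; the account credentials are sent in the URL.
    curl_setopt($ch, CURLOPT_URL, "http://myusername:username@www.mysite.com:2082/frontend/x/subdomain/doadddomain1.html?rootdomain=mysite.com&domain=$username");
    // Do not include the response headers in the output.
    curl_setopt($ch, CURLOPT_HEADER, 0);

    curl_exec($ch);

    curl_close($ch);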


    I have tried this script on a bunch of things and it has worked each time! :D
    It is also completely secure as it never outputs the username/password or the url that it retrieved the info from.
    I have to thank all of you (especially Webtiva) for showing me that my script was insecure and giving me an easy way to fix it. If it wasn't for you guys I'm sure I would've been hacked. :D
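
A hardened variant of the server-side cURL call from this thread, added here as an example and not written by any of the posters: it validates the user-supplied subdomain before it reaches the URL, passes the credentials with `CURLOPT_USERPWD` over TLS instead of embedding them in the URL, and keeps cPanel's response out of the visitor's page. The TLS port 2083 and the `CPANEL_USER` / `CPANEL_PASS` environment variable names are assumptions; the path is the one given in the post.

```php
<?php
// Added example, not the poster's code. Host, port 2083 (cPanel over TLS) and
// the CPANEL_USER / CPANEL_PASS environment variable names are assumptions.
const CPANEL_BASE = 'https://www.mysite.com:2083';
const CPANEL_PATH = '/frontend/x/subdomain/doadddomain1.html'; // path from the post

// Accept a single lowercase DNS label only, so the value cannot carry
// '&', '/', '@' or whitespace into the request URL.
function valid_subdomain(string $name): bool
{
    return preg_match('/^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$/D', $name) === 1;
}

// Build the URL with http_build_query() so both parameters are encoded.
function build_subdomain_url(string $root, string $sub): string
{
    if (!valid_subdomain($sub)) {
        throw new InvalidArgumentException('invalid subdomain name');
    }
    return CPANEL_BASE . CPANEL_PATH . '?'
        . http_build_query(['rootdomain' => $root, 'domain' => $sub]);
}

// Returns true on HTTP 200; the response body still has to be checked for
// cPanel's own error text before reporting success to the user.
function add_subdomain(string $sub): bool
{
    $ch = curl_init(build_subdomain_url('mysite.com', $sub));
    curl_setopt_array($ch, [
        CURLOPT_USERPWD        => getenv('CPANEL_USER') . ':' . getenv('CPANEL_PASS'),
        CURLOPT_RETURNTRANSFER => true,  // response is not echoed to the visitor
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_FOLLOWLOCATION => false,
        CURLOPT_TIMEOUT        => 15,
    ]);
    $body = curl_exec($ch);
    if ($body === false) {
        error_log('cPanel request failed: ' . curl_error($ch));
        return false;
    }
    return curl_getinfo($ch, CURLINFO_HTTP_CODE) === 200;
}

// Constructed inputs; no network request is made here.
foreach (['alice', 'alice&rootdomain=other.example', "bob\n"] as $candidate) {
    printf("%-34s %s\n", json_encode($candidate),
        valid_subdomain($candidate) ? 'accepted' : 'rejected');
}
```

Only `alice` is accepted; the other two constructed values are rejected before any request is built.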
     