The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

tweaking mod_userdir to allow IP only...

Discussion in 'General Discussion' started by 4u123, Apr 5, 2009.

  1. 4u123

    4u123 Well-Known Member
    PartnerNOC

    Joined:
    Jan 2, 2006
    Messages:
    765
    Likes Received:
    1
    Trophy Points:
    18
    Hi, Does anyone know if it is possible to change mod_userdir so that it only works via...

    http://ip.ip.ip.ip/~bob/

    instead of...

    http://any_domain_on_the_server/~bob/

    I'm asking this for the following reason...

    An account was recently used in a phishing scam. The customers login details were compromised from their own computer, not via any vulnerability on the server or in the customers webspace.

    The fraudster had a list of domains hosted on the server and simply linked to the "bob" account in different phishing emails but from all the different domains -i.e....

    domain1.com/~bob/
    domain2.com/~bob/
    domain3.com/~bob/
    domain4.com/~bob/
    domain5.com/~bob/

    Paypal in their wisdom contacted us to say that a large number of sites had been compromised - which of course was NOT the case. We were also contacted by phishcops.net who seem to have taken the liberty of reporting each individual site as being the source of the phishing scam - when of course it was simply one account.

    Is there any way of forcing mod_userdir to use the IP address / server hostname but not any other domain on the server?
     
    #1 4u123, Apr 5, 2009
    Last edited: Apr 5, 2009
Loading...

Share This Page