Unknown email forwarding setting

Discussion in 'E-mail Discussion' started by BennyBS, May 11, 2018.

  1. BennyBS

    BennyBS Registered

    cPanel Access Level:
    Reseller Owner
    Hi, this happened to me 6 months ago and again recently. Basically, the mailbox user reported suspicious activity 6 months ago and when I looked into the matter I found that there was a forwarding address set so that all emails received in that mailbox are also copied to another email address. When this happened 6 months ago, I just removed the forwarding setting, changed the mailbox password and my account credentials as well as set up two-way authentication. I also made sure that the mailbox user has the correct settings and that his credentials are not in a position to be compromised.

    Last week it happened again and this time I was baffled as there is no way that the account was compromised credentials-wise; only I have access to the server backend and the password is not stored anywhere and there is two-way authentication set up. Also, the mailbox user was 100% sure it wasn't a credentials issue. The same issue, a forwarding email was set up on the mailbox to another email address unknown to both myself and the mailbox user.

    I suspect that there is a webmail vulnerability and I will explain why. The main cPanel server administration panel is only accessible to me and I am certain that that is safe. The mailbox user uses Outlook to read emails but obviously, the mailbox user has webmail, which really he doesn't use. There are two ways of adding a forwarding address visually, the backend and webmail. In webmail, you log in and on the top right you click on the user section and it's the last option.

    The vulnerability is either in the webmail front end panel or a permission on a file which stores the forwarding details.

    The issue is that you cannot turn off webmail for mailboxes, which might limit access. Webmail is very "up to the person" kind of. Most people do not use it whilst others find it useful. I would disable it by default and enable it just for those who need it.

    Hope this may shed some light on this issue. This is happening to users, they are just not reporting it!!!
     
  2. cPanelLauren

    cPanelLauren Forums Analyst II
    Staff Member

    cPanel Access Level:
    DataCenter Provider
    Hi @BennyBS

    Do you have an account that you can show this occurring on now? If you do, I would really like for you to open a ticket using the link in my signature so that we can investigate this further.


    Thanks!
     
  3. martin MHC

    martin MHC Well-Known Member

    cPanel Access Level:
    Root Administrator
    Side issue to your main concern:

    Benny, you can disable specific webmails (Horde, Squirrel, etc.) in WHM --> Server Configuration --> Tweak Settings, so maybe disabling them all would prevent webmail access.
     