Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Urgent Assistance Required! - Client access appears identical to root/Admin

Discussion in 'Security' started by lukeydook, Nov 9, 2010.

  1. lukeydook

    lukeydook Registered

    Joined:
    Nov 9, 2010
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    51
    I need urgent assistance.

    For some reason about 75% of my clients accounts, when they login, they are root and can view all accounts!

    Luckily, I have honest clients who have let me know.

    Any ideas anyone?
     
  2. javiercampos

    javiercampos Well-Known Member
    PartnerNOC

    Joined:
    Jan 12, 2010
    Messages:
    48
    Likes Received:
    0
    Trophy Points:
    56
    Location:
    /tmp
    cPanel Access Level:
    Root Administrator
    would recommend running the following command:

    /scripts/upcp --force

    If the problem persists, you should check the permissions on Reseller center.
    Also you can contact me at msn javiercampos@espacioweb.cl
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. lukeydook

    lukeydook Registered

    Joined:
    Nov 9, 2010
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    51
    Thankyou very much.

    Going to try this now.
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,309
    Likes Received:
    393
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    When they login, where, exactly? And how do they know they've got root privileges?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. lukeydook

    lukeydook Registered

    Joined:
    Nov 9, 2010
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    51
    It is asif they have logged in as root.

    It says "You are logged in as root" and it shows the accounts in a dropdown above the main cpanel icons as it would if you were logged into root.

    It is asthough the accounts have root access, yet not all of the accounts have this - only about 75%

    I've logged in with their details to check and it does the same.
     
  6. lukeydook

    lukeydook Registered

    Joined:
    Nov 9, 2010
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    51
    Just so you are aware, this did NOT fix the issue.
     
  7. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,309
    Likes Received:
    393
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    What version of cPanel? I don't have a server running anything less than CURRENT here.

    In Tweak Settings > System tab > Accounts that can access a cPanel user account, whats that set to on yours?

    Previous versions it was titled "Disable login with root or reseller password into the users' cPanel interface"

    I'd disable this, or set it to cPanel User Only (depending on your version of cPanel) for now. Next go check who owns the accounts who believe they have root. Are these all reseller accounts by chance?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    Joined:
    Nov 5, 2008
    Messages:
    2,554
    Likes Received:
    9
    Trophy Points:
    168
    Location:
    Houston, Texas, U.S.A.
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    Please ensure that no other user or reseller has the password as root; to accomplish this, I recommend using the password generator to create a new root password of sufficient strength.

    Alternatively, as Infopro mentioned, you may restrict using the root password to login as a user in cPanel & WHM (i.e., using the root password instead of the cPanel user's password).

    Here is the applicable menu path for cPanel & WHM version 11.28, specifically in WebHost Manager, with linked documentation:
    WHM: Main >> Server Configuration >> Tweak Settings >> System
    Accounts that can access a cPanel user account: [?] This setting specifies who can access a user’s cPanel account. Account-Owner refers to the particular reseller that owns the user account.
    • Root, Account-Owner, and cPanel User default
    • Account-Owner and cPanel User Only
    • cPanel User Only
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #8 cPanelDon, Nov 9, 2010
    Last edited: Nov 9, 2010
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice