Results 1 to 5 of 5
  1. #1
    Join Date
    Oct 2004
    Location
    Oneida, NY
    Posts
    2,842

    [25% Off] WHMControl - Server Login Management - Affordable on any budget!

    WHMControl
    http://www.whmcontrol.com/

    Introducing WHMControl - home of the premier server login management system. Using WHMControl, you can store all of your server login information and notes in a central & secure location. You and your staff members can then access the server information and one-click WHM access buttons on the go. You will save time, increase efficiency, and maximize security with WHMControl! Make your life easier - signup today!

    ~ The Key Advantages To WHMControl ~
    Keep Yourself Organized
    Stay organized by keeping all your server logins and notes centrally located within one control panel. No more fishing around to find your logins, storing them in a spreadsheet, or trying to memorize them all.

    Super Strength Security
    Your server passwords will be stored in the database using an advanced 2-layer encryption process to ensure maximum security. Our encryption method is the same method used by the U.S. government and financial institutions.

    One-Click Password Changes (WHM Servers)
    Updating passwords across your entire server fleet can often be a very daunting task - especially if you have many servers. Not anymore! WHMControl can update any root password on your WHM servers with just the click of a button!

    One-Click WHM Logins
    Save time entering login information! WHMControl features a one-click access to every server WHM within the program. All you have to do is find your server and click the button - and you're logged right in to WHM!

    Manage Staff Access Effectively
    With WHMControl, you can give each member of your staff a separate login to WHMControl - and control what parts of the program they can access. If a staff member leaves, simply remove their login to remove their access!

    Advanced Logging
    WHMControl keeps a log of every activity that is done within the program, documenting the staff member's name, IP address, action taken, and time of action. You can then review these logs from within WHMControl later.

    For a full list of features, check out: http://www.whmcontrol.com/pricing/ or try out the demo!

    ~ Demo Information ~
    Want to try out our demo? Check it out:

    http://www.whmcontrol.com/live-demo/

    Admin Demo: admin / admin
    Staff Demo: staff / staff

    ~ Try It On Your Server FREE ~
    Prefer to try the software on your server before purchasing? Not a problem! We offer a full featured 7 Day Free Trial that allows you to install WHMControl on your server and fully evaluate it before making a purchase decision. Once you've decided WHMControl will be a fit for you, simply update your license key in the admin area to continue without interruption! If you decide not to use WHMControl, you can simply uninstall it with no further obligation.

    Click Here To Register Your 7 Day FREE Trial

    ~ Purchase Today - Save 25% ~
    For a limited time, we are offering 25% off any new licenses or addons. Simply enter coupon code WHT25 to activate the discount, which will be valid through the end of the month.

    To view our pricing and plan information visit: http://www.whmcontrol.com/pricing/

    ~ Questions? Contact Us! ~
    If you have any questions about WHMControl, we encourage you to contact us! Check out our contact info at: http://www.whmcontrol.com/contact/

    Thanks for taking a look! We hope to see you soon!

  2. #2
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,294
    Is your encryption based on a salt and is that salt unique to each installation?
    The reason I ask is, if someone was to get a database dump and it is not salted, it would be trivial for them to just upload a copy of your product and restore the database and easily get the passwords.
    If there was a salt, they would need to obtain the salt ontop of the database dump.
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  3. #3
    Join Date
    Oct 2004
    Location
    Oneida, NY
    Posts
    2,842
    Quote Originally Posted by Steven View Post
    Is your encryption based on a salt and is that salt unique to each installation?
    The reason I ask is, if someone was to get a database dump and it is not salted, it would be trivial for them to just upload a copy of your product and restore the database and easily get the passwords.
    If there was a salt, they would need to obtain the salt ontop of the database dump.
    There are 2 separate keys to every installation, one in the database (unique) and one encoded in the software itself (not unique), but you bring up a very valid point. While all staff logins are encrypted with MD5 with a unique salt, the server logins are only unique to the key stored in the database, so theoretically someone with the database dump and a valid login could get in. Give me a couple days and I'll work up an enhancement to prevent this. It won't be overly difficult to implement this for new installations, but I'll need to work something in to re-encrypt existing data to the double-unique hash data.

  4. #4
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,294
    Sounds good +1
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  5. #5
    Join Date
    Oct 2004
    Location
    Oneida, NY
    Posts
    2,842
    Quote Originally Posted by Steven View Post
    Sounds good +1
    Just a note, the double-unique encryption keys are now implemented, with an automatic conversion for existing data. WHMControl also now encrypts the WHM access key in the database, since you can do pretty well anything using that, so it's pointless to encrypt the password and not the access key as well. Also implemented was a cron job to automatically change root passwords for all WHM servers as well. Putting a few more finishing touches on it and will have it released in a few hours.

Similar Threads

  1. [Save 50%] WHMControl - Server Login Management - Limited time offer!
    By Nick H in forum Software & Scripts Offers
    Replies: 0
    Last Post: 11-02-2013, 07:58 PM
  2. Best server management service budget around $30
    By jonas1045 in forum Managed Hosting and Services
    Replies: 7
    Last Post: 11-19-2010, 08:44 AM
  3. Server Management, Dynamic Skins, Login Monitor & Feature Deployment
    By eshop in forum Other Web Hosting Related Offers
    Replies: 0
    Last Post: 11-23-2004, 01:15 PM
  4. Replies: 0
    Last Post: 10-11-2004, 12:18 PM
  5. Replies: 0
    Last Post: 09-16-2004, 02:54 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •