  1. #1
    Join Date
    Sep 2005
    Posts
    152

    How secure is the login box to cpanel?

    How secure is the login box to cpanel? (I mean the one that comes up when you type in www.domain.com/cpanel)
    Big Wow Web Hosting
    Cheap and Reliable Shared and Reseller Hosting
    •99.9% Uptime •MailScanner •Free Setup and Sitebuilder •Plesk, cPanel or DirectAdmin
    •Fast, Secure Servers •Great Free Extras •100% White Label

  2. #2
    Join Date
    Mar 2003
    Location
    Canada
    Posts
    8,910
    In what sense do you mean secure?

    I mean, are we talking about can people intercept your passwords, are there any flaws in the login process... etc.
    Patrick William | RACK911 Labs | Software Security Auditing
    400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com

    www.HostingSecList.com - Security notices for the hosting community.

  3. #3
    Join Date
    Sep 2005
    Posts
    152
    I mean how easy are they to log into if you haven't been told the password.

  4. #4
    Join Date
    Mar 2003
    Location
    Canada
    Posts
    8,910
    If you haven't been told the password, you're not going to get in without a lot of illegal work... and even then, you still probably won't.

  5. #5
    Join Date
    Sep 2005
    Posts
    152
    Good Good. A customer's account of mine was hacked and used to send spam, so I am just tightening everything in my system.

  6. #6
    Use https://
    better security
    OCEAN HOST
    www.ocean-host.com
    Get Online. Reach Worldwide.
    Check our uptime

  7. #7
    Join Date
    Mar 2003
    Location
    Canada
    Posts
    8,910
    Quote Originally Posted by Oceanworld
    Use https://
    better security
    If his/someone's server has been hacked, using https isn't going to make much of a difference. SSL is great for protecting data back and forth between a client and server, but if the server is compromised... it's sort of pointless.

  8. #8
    Join Date
    Jan 2004
    Location
    York, UK
    Posts
    371
    Quote Originally Posted by tims15
    Good Good. A customer's account of mine was hacked and used to send spam, so I am just tightening everything in my system.
    If the user's username is a common name, and the password a simple one that could be guessed or found via a simple dictionary attack, then the hacker could have got in that way, but I doubt it.

    Or, of course, the attacker could have somehow obtained the password from the user (the user fell for a phishing scam, the user had the name/pwd stored on another machine that was hacked first, the hacker knows the user, ...).

    It is far more likely (than any of the above) that a scripting flaw in the user's site let the attacker in.

  9. #9
    Join Date
    Nov 2004
    Location
    Silicon Valley
    Posts
    569
    Quote Originally Posted by Pat H
    If his/someone's server has been hacked, using https isn't going to make much of a difference. SSL is great for protecting data back and forth between a client and server, but if the server is compromised... it's sort of pointless.
    So, if I've had a heart attack, there's no point in the doctor following proper procedure, or using sterile equipment?

    Better to try and keep things secure while you're working on pulling back together a compromised server. Why let things get worse?

  10. #10
    Join Date
    Jun 2003
    Location
    World Wide Web
    Posts
    581
    Always use https://domainname:2083/
    The normal 2082 login is only as safe as accessing any other content on the web. Data goes in clear text and can be easily read by listening to your network device.
    SupportExpertz.com - the name says it all!
    Managed Cloud Servers
    Server Management and Monitoring
    24x7 outsourced customer support
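
Added example (not part of the original thread and not cPanel code): a loopback-only demonstration of the point in post #10, showing that a login form sent over plain HTTP arrives on the wire as readable bytes. The OS-chosen port stands in for 2082, and the `/login/` path and the `user`/`pass` field names are assumptions made for the demo.

```python
import http.client
import socket
import threading
import urllib.parse

def wire_bytes_of_plain_login(user, password):
    """POST a login form over plain HTTP to a loopback listener; return the raw bytes it saw."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # loopback only; OS-chosen port stands in for 2082
    listener.listen(1)
    port = listener.getsockname()[1]
    seen = bytearray()

    def observe():
        conn, _ = listener.accept()
        with conn:
            conn.settimeout(5)
            while True:
                chunk = conn.recv(4096)
                if not chunk:
                    break
                seen.extend(chunk)
                head, sep, body = bytes(seen).partition(b"\r\n\r\n")
                match = [l for l in head.split(b"\r\n") if l.lower().startswith(b"content-length:")]
                # Stop once the full form body announced by Content-Length has arrived.
                if sep and match and len(body) >= int(match[0].split(b":")[1].strip()):
                    break
            conn.sendall(b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n")

    watcher = threading.Thread(target=observe)
    watcher.start()
    # Path and field names are assumptions; the credentials passed in are constructed samples.
    form = urllib.parse.urlencode({"user": user, "pass": password}).encode()
    client = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    client.request("POST", "/login/", body=form,
                   headers={"Content-Type": "application/x-www-form-urlencoded"})
    client.getresponse().read()
    client.close()
    watcher.join()
    listener.close()
    return bytes(seen)

def form_fields(raw):
    """Recover the submitted fields from the raw bytes, with no key or secret needed."""
    body = raw.partition(b"\r\n\r\n")[2].decode()
    return {k: v[0] for k, v in urllib.parse.parse_qs(body).items()}

if __name__ == "__main__":
    raw = wire_bytes_of_plain_login("exampleuser", "constructed-pass-123")
    print(raw.decode())
    print("readable from the wire:", form_fields(raw))
```

Over the https:// login on 2083 the same form travels inside the TLS session, so the bytes on the wire no longer contain the field values in readable form.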

  11. #11
    Join Date
    Mar 2003
    Location
    Canada
    Posts
    8,910
    Quote Originally Posted by BrandonSCSN
    So, if I've had a heart attack, there's no point in the doctor following proper procedure, or using sterile equipment?

    Better to try and keep things secure while you're working on pulling back together a compromised server. Why let things get worse?
    It depends on how you try and regain control of that compromised server.

    I'm not saying give up or anything... it's just that if your box has been basically rooted, SSL isn't going to do much in the bigger scope of things as long as someone else has full control.

  12. #12
    Join Date
    Nov 2004
    Location
    Australia
    Posts
    1,683
    The point is that https doesn't add much security anyway.

    In this modern day and age it's quite difficult to listen in on transmitted traffic as everything goes via switched virtual circuits and a more likely point of interception is at one of the endpoints. I'm not saying it's impossible that someone could listen in, just that it's very VERY unlikely.

    Honestly, if you're looking to improve security, I'd expend effort everywhere else first.
