-
07-24-2012, 01:16 PM #1Disabled
- Join Date
- Dec 2007
- Posts
- 59
Eleven2 [Security Issue with Cpanel]
Their server security is a total mess.
You can access ANY accounts with password [xxxx].
I have talked to their support and they just fixed ONE account password.
So try it for yourself..
69.194.232.3:2083
Username: [xxxx]
Pass: [xxxx]
* I have removed the actual account usernames, but you can still log in with the above username (which I created) and you can still access and see all other usernames because [xxxx] is the ROOT PASSWORD. WTF?
Those 3 are just some usernames I picked; you can try to log in with any username, then when logged in, you can see and switch ALL users in the server and then try using any username and password [xxxx] and it will log in. I am guessing you can access file manager and everything as well.
Good thing you can't access WHM (only cPanel) with this, but still... Let's see how long before they fix this.
Last edited by bear; 07-24-2012 at 02:23 PM. Reason: let's not
-
07-24-2012, 01:20 PM #2Web Hosting Master
- Join Date
- Jun 2011
- Posts
- 552
Remove those accounts please, I don't think the owner of the website would be happy.
Last edited by Saetrevik; 07-24-2012 at 01:26 PM.
www.Hostzoom.net
Pure SSD Powered cPanel web hosting with location in Amsterdam, Netherland.
-
07-24-2012, 01:24 PM #3Web Hosting Master
- Join Date
- Feb 2012
- Location
- Memphis, TN
- Posts
- 3,285
LMFAO! It's a root or reseller password. You can access any account from there.
WTF is Eleven2 thinking?
█ hostingcove.com | Tennessee Based Hosting Provider.
█ cPanel Shared & Reseller Hosting - Domain Names
█ Join thousands of happy customers. Secure & Stable
█ HeroicVPS Premium KVM VPS. Ashburn / Phoenix
-
07-24-2012, 01:26 PM #4Web Hosting Master
- Join Date
- Sep 2005
- Location
- San Diego, California
- Posts
- 865
I hope it's just a reseller's password, in which case Eleven2 can't really control what passwords their resellers choose. How did you find this, OP?
█ Othio Hosting - Private-Label cPanel Reseller Hosting
█ True 24x7 Support | SSD Storage | cPanel+WHM | R1Soft Backups
-
07-24-2012, 01:28 PM #5Web Hosting Master
- Join Date
- Feb 2012
- Location
- Memphis, TN
- Posts
- 3,285
It looks like perhaps a low level tech account they set up as a reseller and granted some super admin too.
The password does work for any account in the system, though you need to re-login when switching accounts. lmfao
█ hostingcove.com | Tennessee Based Hosting Provider.
█ cPanel Shared & Reseller Hosting - Domain Names
█ Join thousands of happy customers. Secure & Stable
█ HeroicVPS Premium KVM VPS. Ashburn / Phoenix
-
07-24-2012, 01:28 PM #6Disabled
- Join Date
- Dec 2007
- Posts
- 59
No, it is the root password because I can access all other usernames with that password [xxxx].
Last edited by bear; 07-24-2012 at 02:24 PM.
-
07-24-2012, 01:33 PM #7Web Hosting Master
- Join Date
- Feb 2012
- Location
- Memphis, TN
- Posts
- 3,285
lmfao, someone looking at this could use the bulk transfer utility and mirror all of those accounts possibly.
█ hostingcove.com | Tennessee Based Hosting Provider.
█ cPanel Shared & Reseller Hosting - Domain Names
█ Join thousands of happy customers. Secure & Stable
█ HeroicVPS Premium KVM VPS. Ashburn / Phoenix
-
07-24-2012, 01:35 PM #8Web Hosting Master
- Join Date
- Feb 2004
- Location
- Toronto
- Posts
- 2,308
Popcorn material ?
VimHost >> 30 Days Backup | cPanel + LiteSpeed + JetBackup | DMCA FREE!
20 Years in business ~ Premium Hosting in Toronto, Canada ~ 151 Front Street (Canadian owned and operated)
-
07-24-2012, 01:36 PM #9Web Hosting Master
- Join Date
- Feb 2012
- Location
- Memphis, TN
- Posts
- 3,285
█ hostingcove.com | Tennessee Based Hosting Provider.
█ cPanel Shared & Reseller Hosting - Domain Names
█ Join thousands of happy customers. Secure & Stable
█ HeroicVPS Premium KVM VPS. Ashburn / Phoenix
-
07-24-2012, 01:41 PM #10Junior Guru
- Join Date
- Dec 2009
- Location
- United Kingdom
- Posts
- 203
You should have contacted them about this beforehand, a lot of users are now going to be unhappy.
▓▓▓▓ NerdyVPS - You Will Be Assimilated
▓▓▓▓ PiePanel
-
07-24-2012, 01:41 PM #11Web Hosting Master
- Join Date
- Apr 2006
- Location
- Rotherham, UK
- Posts
- 1,547
Oh dear. Let's hope these details don't end up in the wrong hands.
IT & Hosting Solutions Rotherham - Virtual6 Ltd
IT Distributor | IT Manufacturer | Hosted Products | Business IT Support
-
07-24-2012, 01:43 PM #12Web Hosting Master
- Join Date
- Oct 2004
- Location
- Oneida, NY
- Posts
- 2,849
We are currently looking into this, but I can assure everyone that none of our root passwords are (or ever will be) [xxxx] or anything similar to that. We are still investigating this matter.
Last edited by bear; 07-24-2012 at 02:24 PM.
Big things coming soon
-
07-24-2012, 01:44 PM #13Disabled
- Join Date
- Dec 2007
- Posts
- 59
Well yes, it is better if a mod sees this and deletes this; I am unable to edit or delete this thread unfortunately. Or better if Eleven2 fixes this ASAP as I really love their hosting, tbh.
-
07-24-2012, 01:45 PM #14Web Hosting Master
- Join Date
- Sep 2005
- Location
- San Diego, California
- Posts
- 865
█ Othio Hosting - Private-Label cPanel Reseller Hosting
█ True 24x7 Support | SSD Storage | cPanel+WHM | R1Soft Backups
-
07-24-2012, 01:45 PM #15Web Hosting Master
- Join Date
- Apr 2006
- Location
- Rotherham, UK
- Posts
- 1,547
I can't see it being a reseller account; most of the domains use Eleven2 NS records. If it was a certain reseller's account, I'm sure they would all be pointing to the host's custom NS records.
IT & Hosting Solutions Rotherham - Virtual6 Ltd
IT Distributor | IT Manufacturer | Hosted Products | Business IT Support
-
07-24-2012, 01:45 PM #16Web Hosting Master
- Join Date
- May 2011
- Posts
- 586
I was thinking about signing up at Eleven2 for reseller hosting (for a local offline website building business). Forget it.
EDIT: Signed in just to verify it. Hope the police don't come to my door, lol. There are hundreds of accounts on this server.
Last edited by Appdeveloper; 07-24-2012 at 01:48 PM.
-
07-24-2012, 01:48 PM #17Disabled
- Join Date
- Dec 2007
- Posts
- 59
-
07-24-2012, 01:51 PM #18Web Hosting Master
- Join Date
- May 2011
- Posts
- 586
-
07-24-2012, 01:58 PM #19Web Hosting Master
- Join Date
- Jul 2010
- Location
- ~/
- Posts
- 1,382
While I agree that that is a huge face palm, you should NEVER have posted this on a public forum. Even if you have issues of your own with Eleven2, you could have just caused a HUGE problem for tons of innocent customers.
<snipped>
Last edited by Orien; 07-24-2012 at 03:40 PM.
█ -> INCEPTION HOSTING LIMITED Since 2010!
█ -> I am most active on the lowendspirit hosting forum Come join us!
█ -> PHOENIX USA & THE NETHERLANDS & UK EU
-
07-24-2012, 02:02 PM #20Disabled
- Join Date
- Dec 2007
- Posts
- 59
Guys this has been fixed. Thanks eleven2 for the quick work and this thread is by no means a defamation of Eleven2 and note that I will keep using Eleven2. It is just a frustration due to the support by a personnel. Thank you eleven2.
-
07-24-2012, 02:09 PM #21Web Hosting Master
- Join Date
- Aug 2004
- Location
- Houston, TX
- Posts
- 1,405
Guys, this is actually a bug in cPanel; we have addressed it with them multiple times. I will not post the exact way this is done, but we have given cPanel the opportunity to fix this for months now. This is an insufficiency in the way cPanel backup and restore works.
Eleven2 Web Hosting - World-Wide Hosting, Done Right!
Shared Hosting | Reseller Hosting | Dedicated | Virtual Premium Servers
Server Locations in: Dallas | Los Angeles | Singapore | Amsterdam
-
07-24-2012, 02:18 PM #22Web Hosting Master
- Join Date
- Feb 2006
- Location
- Buffalo, NY
- Posts
- 1,501
-
07-24-2012, 02:21 PM #23Web Hosting Master
- Join Date
- Feb 2012
- Location
- Memphis, TN
- Posts
- 3,285
Trying to figure this one out myself, has cPanel opened a case for this "bug"?
█ hostingcove.com | Tennessee Based Hosting Provider.
█ cPanel Shared & Reseller Hosting - Domain Names
█ Join thousands of happy customers. Secure & Stable
█ HeroicVPS Premium KVM VPS. Ashburn / Phoenix
-
07-24-2012, 02:21 PM #24Problem Solver
- Join Date
- Mar 2003
- Location
- California USA
- Posts
- 13,681
Try restoring a backup that has root reseller privileges enabled...
That account's password will be able to log in to every account.
It would be a good idea to run this on every server:
grep "all$" /var/cpanel/resellers |sed 's/:/ /' |awk '{print $1}'
Steven Ciaburri | Industry's Best Server Management - Rack911.com
Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance
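A stricter form of the audit one-liner in post #24, added here as an example and not part of the original thread: it treats `all` as a whole entry anywhere in a reseller's privilege list rather than as a suffix of the line. It assumes the `user:priv1,priv2,...` layout of `/var/cpanel/resellers`; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list resellers holding the "all" privilege.
# Assumption: each line of the resellers file is "user:priv1,priv2,...".

resellers_with_all() {
    # $1: path to a resellers file; defaults to the live cPanel location
    awk -F: '
        NF < 2 { next }                              # skip blank or malformed lines
        {
            n = split($2, acl, ",")
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t\r]+$/, "", acl[i])   # tolerate stray whitespace/CR
                if (acl[i] == "all") { print $1; break }
            }
        }
    ' "${1:-/var/cpanel/resellers}"
}

# Constructed sample data, not taken from any real server.
# "placeholder-all" is a made-up privilege name that merely ends in "all".
sample_resellers() {
    cat <<'EOF'
alice:add-pkg,list-accts,all
bob:list-accts,create-acct
carol:all,list-accts
dave:list-accts,placeholder-all
EOF
}

# Demo run against the constructed sample
tmp=$(mktemp)
sample_resellers > "$tmp"
echo "Resellers with the 'all' privilege:"
resellers_with_all "$tmp"
rm -f "$tmp"
```

Every account this reports should be one you deliberately granted root-level reseller rights; anything else, especially an account that arrived through a backup restore, is worth reviewing.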
-
07-24-2012, 02:26 PM #25Web Hosting Master
- Join Date
- Feb 2006
- Location
- Buffalo, NY
- Posts
- 1,501
█ Cody R.
█ Hawk Host Inc. Proudly Serving websites since 2004.
█ Official Let's Encrypt Sponsor