E-mail forwarders security

Comments

5 comments

  • cPanelLauren
    Hi @chrismfz, you can disable the forwarder manager from the feature list for the account, but there isn't currently a method to disable the forwarders for just an email account. If you'd like to see this as something in the product, I would suggest opening a feature request by clicking the link in my signature. Once it's open, please post the link here so others can vote for it as well. Thanks!
    0
  • chrismfz
    Hello Lauren. I mean if there is an option to disable forwarders, filters, or the whole top bar from the mail users not completely from cPanel. Admin / owner should have access from cPanel normally. But users shouldn't. A Feature in feature list to disallow users from accessing those options should be enough. Is there a workaround for that?
    0
  • rpvw
    In the context of getting forwarders created by hackers, shouldn't we be concentrating on HOW the account got hacked in the first place so that the forwarder could be created?
    I can see various scenarios where an email (and therefore a webmail) account could be compromised, including:
    • Brute force password
    • Using a public pc and not clearing up your login details
    • Getting conned into giving away your password (by whatever method)
    • Password sniffed on public Wi-Fi
    • Keyloggers and other malware
    etc. etc.
    The sad reality is that a huge number of people can be persuaded to tell you their password just by offering them a bar of chocolate! And that is before various socially engineered scams trick them into entering it onto some web form that claims that their email account is about to be blocked unless they authenticate to it on this special form NOW (I had one of my customers conned by this trick last week, resulting in a forwarder to a Gmail account).
    We are back to treating the symptom and not the disease by disallowing feature access to miscreants after they have already got in. I am not sure there will ever be an answer to persuading users to be careful about how and where they disclose or input their passwords; after all, the only thing separating genius from stupidity is that genius has limits!
    In the meantime, perhaps ensuring that users can't use stupidly short or dictionary words might provide some security, but then since they can't remember them, they will write their passwords down on a label and stick it to their monitor or laptop so that it is easy to find - I have seen them on public display on the lids of laptops being used at Wi-Fi hotspots. Probably, we need to get everyone that uses a computer implanted with an RFID that performs part of the authentication process (wouldn't law enforcement just love that?) or make 3 or maybe 4FA obligatory, or maybe someone needs to develop a DNA scanner like a fingerprint reader...
    One thing does occur to me: perhaps we should disallow authentication from plain text username/passwords and ensure that one or other encryption protocols are initiated prior to an authentication session - at least that might mitigate to some extent packet sniffers or Man-In-The-Middle events.
    Thanks for reading, and I am off to buy several bars of chocolate...
    0
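
The situation rpvw describes, a compromised mailbox that has been given a forwarder to an outside address, can be checked for after the fact by listing every forwarder whose destination is not a domain hosted on the server. This is an added example, not part of the thread and not cPanel's own code; it assumes the forwarders are available as text in the `address: destination, destination` alias form, and the function name, sample lines and domains are constructed for illustration.

```python
import re

# Constructed sample in the assumed "address: dest, dest" alias layout.
# All addresses and domains are placeholders, not values from the thread.
SAMPLE_ALIASES = """\
sales@example.com: alice@example.com, bob@example.com
ceo@example.com: ceo@example.com, collector@outside-mail.example
hr@example.com: hr-archive@other.example
info@example.com: |/home/acct/bin/ticket.sh
old@example.com: :fail: No such person here
*: acct
"""


def external_forwarders(alias_text, local_domains):
    """Return (address, destination, keeps_local_copy) for off-server forwards.

    keeps_local_copy is True when the mailbox also delivers to itself, i.e.
    the owner still sees the mail while a copy silently leaves the server.
    """
    local = {d.lower() for d in local_domains}
    findings = []
    for line in alias_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        address, _, targets = line.partition(":")
        address, targets = address.strip(), targets.strip()
        # Pipes to programs and :fail:/:blackhole: directives are not forwards.
        if targets.startswith(("|", '"|', ":")):
            continue
        dests = [d for d in re.split(r"\s*,\s*", targets) if d]
        keeps_copy = address.lower() in (d.lower() for d in dests)
        for dest in dests:
            if "@" not in dest:
                continue  # delivery to a local system account
            if dest.rsplit("@", 1)[1].lower() not in local:
                findings.append((address, dest, keeps_copy))
    return findings


if __name__ == "__main__":
    for addr, dest, copy in external_forwarders(SAMPLE_ALIASES, {"example.com"}):
        note = "silent copy" if copy else "full redirect"
        print(f"{addr} -> {dest} ({note})")
```

Entries flagged as a silent copy deserve the first look, since the mailbox owner keeps receiving mail and has no reason to notice the forwarder.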
  • cPanelLauren
    Hi @chrismfz
    "I mean if there is an option to disable forwarders, filters, or the whole top bar from the mail users not completely from cPanel."

    I understood what you mean, and the method I noted is the only way to do that, but it removes the ability to manage filters from the cPanel account as well. As I noted in my previous response, if this is something you'd like to see in the product I would suggest opening a feature request for it. I also want to note that @rpvw's sentiment is correct in my opinion:
    "In the context of getting forwarders created by hackers, shouldn't we be concentrating on HOW the account got hacked in the first place so that the forwarder could be created?"

    Ultimately prevention of compromise is the best way to ensure that this behavior stops. Thanks!
    0
  • sparek-3
    Is there a way to super like @rpvw's post?
    0