WHM Login page found in Google
Hi,
I've uncovered that the WHM Login page has been found in Google because there is no meta robots tag specifically denying access to the login page. I have no idea how the Googlebot has found the WHM login page, but somewhow it has.
I need a way to edit the WHM Login page template and add in the meta robots tag, perhaps with an X-Robots-Tag header as well. We pay a lot of money for this software, it's not really acceptable that there are basic flaws like this in the software. It's sloppy at best.
-
Hey there! I have two thoughts about this issue. The first thought, is that in general, WHM login pages aren't something that show up in Google, so it would seem this is unique to your environment. Could you possible have a redirect or something else in place that would explain this for a specific machine? My second thought, is that cPanel & WHM is widely-known as the most popular control panel, so it's common for bots/malicious tools to attempt "randomdomain.com/whm" and "randomdomain.com/cpanel" just to see if there are common passwords. Especially with WHM, since the user is always "root" for the main username, trying to see if there is a WHM login and guessing the password is trivial. This is why we offer tools like cPHulk to prevent brute force attacks, and 0 -
Hi Rex, Thanks for your reply. It"s actually neither of those links, it"s a link of server.example.com:2087/ I have no clue how this has been found, there are no links to it anywhere, it was never sent by email for Google to pick it up".. I don"t know how it has been found. It is worth noting that the cPanel login page is not in Google, just WHM (which is arguably worse). There are no redirects in place either from anywhere to result in this. How do I add in the meta tags so I can remove the URL via Webmaster Tools? I understand re the redirect issue which is why I"m considering disabling the redirects, to prevent hackers from checking this. However as cPanel runs on ports 2083 & 2087 anyway, someone could just check that instead so I"m in two minds about that at the moment. Re cPHulk, this is used on the server already. 0 -
Just to clarify a bit further as well: the WHM page (and port 2083) are the only pages which actually exist under server.example.com. There are no other references to it anywhere on the Web, other than the Zone file, but this is held off the server. If you were to try port 80 or 443, you"d get the default cPanel page as the site doesn"t exist other than for cPanel services. 0 -
I did reach out to our team about this and there was work in case CPANEL-37929 to prevent these pages from being indexed. However, that doesn't mean the solution was perfect. I can also confirm that that isn't a way to add the meta tag, as you can't permanently edit the login pages. Could you create a ticket with our support team so we can get more details from your system about the issue? 0 -
Would selectively blocking those ports except for authorized users be a solution? I believe csf has that built into it. 0 -
That part I'm not sure. I know you could easily limit who can access the pages through WHM >> Host Access Control. 0
Please sign in to leave a comment.
Comments
6 comments