Skip to main content

Phishing and 2factor

bertelschmitt
I am in receipt of a more or less decently made mail that invites me to go to Cpanel.net to "reconfirm my account." Of course, the link does not go there, but to - Removed - (redacted to defang link.) This reminds me: When does Cpanel finally get 2factor auth? With it, even a successful phish would be out of water. I don';t know what is taking so long to enable 2factor. Cpanel clearly is under attack, and passworded Cpanel sites are very weak links in a big chain. I get 2factor for free with Webmin and sundry other products. Is it too much to ask to request this feature for something for which I am paying no insignificant amounts for two servers?

Comments

2 comments

Date Votes
  • Infopro
    Please feel free to sign on to this Feature Request: Two-factor Authentication - cPanel Feature Requests Here's a blog post by cPanelTravis that may be useful to you: How to Minimize and Stop Phishing Emails - cPanel Blog The email you mention has been seen many times over the years. For anyone reading this thread later, this from a cPanel Blog post in 2011: [QUOTE]It appears that a phishing email is being distributed with the from address of security @ cpanel.com. This email has not been generated by cPanel. Details of the email. [QUOTE] Subject: Measures Against Identity Theft From: security @ cpanel.com Dear Customer, For security reason, we advice you to view the attached file to read the update Message. Thanks, Control Panel Mgt
    [LIST]
  • cPanel as a company does not send emails to end user (website owners). Please be advised that communications in relation to your web hosting service will almost always come directly from your web hosting provider or server owner.
  • cPanel owns the domain name cpanel.com, however we only send official notification through our primary domain cpanel.net.
  • cPanel does not send mass emails requesting authenication details on web hosting or other related accounts. For more information on protecting yourself against these types of emails please follow the below link: http://www.fraud.org/scams/internet-fraud/phishing
    HTH!
    • 0
  • bertelschmitt
    I did read the post many times, and voted in the affirmative. This request is more than a year old. It received a lukewarm welcome, and I am getting the impression that it is being ignored studiously. Will it need a huge disaster for it to be taken seriously? This shouldn't take longer than a week to implement. 1 day of coding, and six days of testing. Please let your customers know what is holding you back, or why you don't want this glaringly missing feature.
    0

Please sign in to leave a comment.

Didn't find what you were looking for?

New post