Skip to main content

Security Concern Questions

Comments

7 comments

  • dalem
    Vulnerability or incorrect file permissions in the scripts you are running on the site
    0
  • Maknet Corp
    Maybe a better question: If somebody only had FTP (public_html), are they able to get into Cpanel?
    0
  • dalem
    if they are using cpanelusername = yes if they are using username@domain.com = no
    0
  • Maknet Corp
    Thanks for the quick reply! So basically, in order for a user to add in a sub-domain, they _must_ have a cpanel login at some point. So that means the question is whether the password is compromised or the server?
    0
  • Maknet Corp
    So something like this: 217.33.6.71 - xxxxx [12/05/2015:21:58:05 -0000] "GET /cpsess8899605643/frontend/x3/filemanager/showfile.html?file=testFile.txt&fileop=&dir=%2Fhome%2Fxxxxx%2Fpublic_html%2Fmy.bedandbreakfast.eu&dirop=&charset=&file_charset=utf-8&baseurl=&bas Means the hacker has Cpanel access?
    0
  • cPanelMichael
    Hello :) Assuming authentication is successful, then yes, that entry suggests access to File Manager which is only possible with the cPanel username and password. You can review /usr/local/cpanel/logs/login_log to review login attempts. Thank you.
    0
  • Maknet Corp
    Cool, thanks for the information. Just trying to figure out the way they got in.
    0

Please sign in to leave a comment.