Security Breach On My Cpanel

[karmacriminal]

FYI...

 

Somehow somebody was able to get into my CPANEL and he linked it on his website. I notice a new Link on my STATS page. When I went there:

 

 

My CPANEL was linked and easily available. I have since changed my password but am curious how was able to get in#$%@$% Mad!!!

 

He is doing this with other people as well!!

 

[i removed the link to the other site - TCH-Jim]

Edited November 13, 2003 by Head Guru

[Deverill]

Sorry I don't completely understand. Where exactly did he add a link?

[karmacriminal]

Its strange! When I changed my password so the link would not work. the Link disappeared from his site Mad!!!

[TCH-Sales]

This would be a good time to suggest that everybody have a good password, and change it often!

[surefire]

Along a similar line...

 

I know that at one point there was a thread on using SSL to access Cpanel.

 

At the TCH FAQ page it says

How do I access my CPanel website control panel?

Navigate to https://www.yoursite.com/cpanel and replace "yoursite.com" with your domain name.

 

But that doesn't seem to work for me.

 

I'm sure there's a brain dead easy way to login to Cpanel using SSL.... can someone point me to the thread or remind me how.

 

Thanks.

[TCH-Andy]

Jack,

 

>https://www.domain.com:2083

 

Andy

[curtis]

While going through my stats I found a link to h**p://www.bongohome.com/ .

This person has a link to my cpanel also. I changed my password but the link is still there. The link is about half way down and on the left side. How are these people doing this?

[TCH-Dick]

the links you are seeing to your cpanel is from the sites refferer list. They dont actually have your Cpanel name and password, the reason it lets you log in from the link is because you have logged in to your cpanel before and your pc remembers you. If anyone else clicks on the link they get the password prompt.

[surefire]

Thanks Andy. That did the trick. Rock Sign

 

I'll press my luck and ask:

 

Is there is a way to ftp securely?

[curtis]

Thanks Mike for the fast reply.

[RJSkon]

Curtis

 

Where abouts did you find that URL in Cpanel?

 

Richard

[curtis]

Richard, Open cpanel then AWstats,go down to Referers>refering sites.

I also see your site as a referer several times so thanks for the link.

[TCH-Dick]

Its strange! When I changed my password so the link would not work. the Link disappeared from his site  Mad!!!

What happened is the site is probably using a "most recent refferers" scriptr, like the last 10 or something. When you went to the site the first time you went to it from your cpanel, so that made your cpanel one of his most recent refferers and you showed up on the list. Natuarally when you click on the link on his page it logs you into cpanel because it is your cpanel and your computer remembers you.

 

Now, when you changed the password and later went back to his site you were no longer in the "most recent refferer" list so your link was no longer on his page....make sense??

[natimage]

Is there is a way to ftp securely?

 

Jack...I'll stretching the bounds of my knowledge here, but I'll throw this out there. Maybe I'll learn more!

 

I'm doing a site for an organization that said they use "Secure FTP". They said that the paid version of WS-FTP supports it, or I would have to download SSH.

 

That's the extent of what I know...thought it might apply, though.

[DarqFlare]

I think SmartFTP can connect securely... Hold on, let me try it...

 

[tries]

 

SSL Implicit said "Connected. Exchanging encryption keys... SSL Error The token supplied to the function is invalid"

 

SSL Explicit said "AUTH TLS 500 Security extensions not implemented"

 

Implicit didn't even get connected, but Explicit got connected, put in AUTH TLS, then was disconnected after the error message.

 

Perhaps TCH can support whatever SmartFTP uses?