Jump to content

Security Breach On My Cpanel


Recommended Posts

FYI...

 

Somehow somebody was able to get into my CPANEL and he linked it on his website. I notice a new Link on my STATS page. When I went there:

 

 

My CPANEL was linked and easily available. I have since changed my password but am curious how was able to get in#$%@$% Mad!!!

 

He is doing this with other people as well!!

 

[i removed the link to the other site - TCH-Jim]

Edited by Head Guru
Link to post
Share on other sites

Along a similar line...

 

I know that at one point there was a thread on using SSL to access Cpanel.

 

At the TCH FAQ page it says

How do I access my CPanel website control panel?

Navigate to https://www.yoursite.com/cpanel and replace "yoursite.com" with your domain name.

 

But that doesn't seem to work for me.

 

I'm sure there's a brain dead easy way to login to Cpanel using SSL.... can someone point me to the thread or remind me how.

 

Thanks.

Link to post
Share on other sites

While going through my stats I found a link to h**p://www.bongohome.com/ .

This person has a link to my cpanel also. I changed my password but the link is still there. The link is about half way down and on the left side. How are these people doing this?

Link to post
Share on other sites

the links you are seeing to your cpanel is from the sites refferer list. They dont actually have your Cpanel name and password, the reason it lets you log in from the link is because you have logged in to your cpanel before and your pc remembers you. If anyone else clicks on the link they get the password prompt.

Link to post
Share on other sites
Its strange! When I changed my password so the link would not work. the Link disappeared from his site  Mad!!!

What happened is the site is probably using a "most recent refferers" scriptr, like the last 10 or something. When you went to the site the first time you went to it from your cpanel, so that made your cpanel one of his most recent refferers and you showed up on the list. Natuarally when you click on the link on his page it logs you into cpanel because it is your cpanel and your computer remembers you.

 

Now, when you changed the password and later went back to his site you were no longer in the "most recent refferer" list so your link was no longer on his page....make sense??

Link to post
Share on other sites
Is there is a way to ftp securely?

 

Jack...I'll stretching the bounds of my knowledge here, but I'll throw this out there. Maybe I'll learn more!

 

I'm doing a site for an organization that said they use "Secure FTP". They said that the paid version of WS-FTP supports it, or I would have to download SSH.

 

That's the extent of what I know...thought it might apply, though.

Link to post
Share on other sites

I think SmartFTP can connect securely... Hold on, let me try it...

 

[tries]

 

SSL Implicit said "Connected. Exchanging encryption keys... SSL Error The token supplied to the function is invalid"

 

SSL Explicit said "AUTH TLS 500 Security extensions not implemented"

 

Implicit didn't even get connected, but Explicit got connected, put in AUTH TLS, then was disconnected after the error message.

 

Perhaps TCH can support whatever SmartFTP uses? :D

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...