TangentIdea Posted March 25, 2004 Posted March 25, 2004 I was just wondering, how vulnerable are my passwords, really, when they're transmitted without encryption? I'm thinking primarily about the cPanel and WHM logins, since up til now I haven't bothered to use the encryption feature. How much difference does it make? -Ryan Quote
MikeJ Posted March 25, 2004 Posted March 25, 2004 I assume you are talking about SSL versus standard HTTP. The difference is if you don't use SSL, your login name and password are sent over the internet in plain text. That means if a system on your end, on your shared bandwidth (if you have shared bandwidth), or on the recieving end is compromised, it's possible someone could capture those packets and read your ID and password. As long as it doesn't cause you any problems, I always recommend for people to use SSL. All of the SSL ports are one port above the non-SSL ports. So instead of http://******:2082/ for cpanel, use https://******:2083/ (remember to add the 's' for https). For WHM, port 2086 is non-secure, 2087 is secure. Webmail, port 2095 is non-secure, 2096 is secure. You will get an error on the certificate if you don't have SSL certificate installed, but just approve the connection anyway. Quote
ThumpAZ Posted March 26, 2004 Posted March 26, 2004 Just a quick note: You do not have to have shared bandwidth, someone in your side of the line or a compromised recipient side to have the possibility of someone capturing messages on the wire. While this type of capture/sniffing is definitely not as common, it is used. Using the tips that MikeJ just told you are very good at helping to keep your info safe. One of the best ways to protect yourself, is to change your password regularly, and not used anything standard (insert numbers and special characters &$%^*() for example. The person who will be trying to get at your info is not going to trust that their first hit is a valid message, and they are also going to wait and see what they can get a hold of that is more useful to them such as a login to online banking, credit cards, etc. Be safe and be wary unless you see the https in the URL Quote
TangentIdea Posted April 9, 2004 Author Posted April 9, 2004 Thanks, guys. I should probably start using SSL then -- it would quite a mess if somebody hacked my accounts. -Ryan Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.