Using modrewrite to protect Cpanel


Post by kusho » Thu Jul 27, 2006 10:38 am

Can someone advise how modrewrite can be used to protect cpanel?

At the moment with cpanel, anyone on the web can type

www.domain.com/cpanel
www.domain.com/whm
www.domain.com/webmail

This makes it easier for hackers and snoopers to try and access the backend of the site.

Is there a way to protect a site's cpanel both when cpanel is used on a dedicated as well as shared hosting account, in .htaccess file so that
- access to cpanel URL is restricted by IP or something similar, or specifying a custom login area.

When cpanel is configured, www.domain.cpanel is more or less a redirect to www.domain.com:2082 (or 2083), but how can this be set so that in any environment, including shared accounts, someone without the right IP address cannot see anything when such is typed in?


Note that unlike preventing access to folders, for shared account users, they cannot prevent access to cpanel in the same way, because it is not a folder but a port and cpanel simply redirects one to that port.

Or if a direct management of the ".com/cpanel" redirect cannot be made especially in a shared hosting environment as it is a shared IP being used, then a way to prevent access to that redirect URL.

Normally in a shared environment, the request comes to the server via IP and it resolves to the domain's account, e.g. 123.456.789.01~accountname

So, when someone requests cpanel or the port 2082, the person is simply being taken to 123.456.789.01~:2082 or something of the sort by a redirect that seems to pick up 123.456.789.01~/cpanel

There should be a way to prevent any redirect from a given domain

This will help make more sites a bit more secure from snoopers
kusho
 
Posts: 2
Joined: Thu Jul 27, 2006 10:10 am

Post by richardk » Thu Jul 27, 2006 11:39 am

I doubt .htaccess files can override the redirects because they're probably set in a .conf file that's processed before the.

You could do this to test:
Redirect /cpanel http://www.google.com

If when you go to your-domain.com/cpanel you're redirected to Google, it can be overridden, but I doubt it can.

You're probably better off searching (ask if you can't find anything) at the cPanel Forums, maybe there's an option to turn it off and force the user to use the port number or a way to make the redirect password protected or something.
richardk
 
Posts: 8800
Joined: Wed Dec 21, 2005 7:50 am

Post by kusho » Thu Jul 27, 2006 6:42 pm

It does not redirect to google.

Ok, I will keep on checking. As you said, it seems to be impossible except in the config file.
kusho
 
Posts: 2
Joined: Thu Jul 27, 2006 10:10 am
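
The thread ends on the point that the /cpanel shortcut can only be controlled from the server configuration. As an added example, not part of the original posts and not cPanel's own configuration, this is how an IP restriction on those shortcut URLs can be written with mod_rewrite at that level. It assumes a dedicated server where the Apache configuration can be edited, that mod_rewrite is loaded, and that the shortcut redirect is handled by Apache after rewrite rules are evaluated; the address 203.0.113.10 is a constructed placeholder.

```apache
# Added example, not from the thread.
# Place inside the domain's <VirtualHost> block in the main Apache
# configuration: rewrite rules set in the main server context are not
# inherited by virtual hosts by default, and per the test in the thread
# a .htaccess directive did not override the shortcut.
RewriteEngine On

# Condition: the client address is NOT the allowed administrator address.
# 203.0.113.10 is a placeholder; replace it with the real address.
RewriteCond %{REMOTE_ADDR} !^203\.0\.113\.10$

# For the three shortcut URLs named in the question, answer 403 Forbidden
# instead of letting the request reach the redirect.
# In virtual-host context the pattern is matched against the full URL
# path, so it starts with a slash.
RewriteRule ^/(cpanel|whm|webmail)(/.*)?$ - [F,L]
```

These rules only cover the shortcut URLs that Apache serves; as the first post notes, the control panel itself listens on its own port (2082 or 2083), so a direct request to that port is not affected by them. To check the result, request /cpanel from an address other than the allowed one and confirm the response is 403 rather than a redirect.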

