phishing link placed on shared hosting web pages - php

This morning I received notification from Google (noreply#gooogle.com) that several of my accounts on my shared Linux hosting reseller account had phishing links placed on them. They were all different hosted domains on the same reseller account. The links had something in common, so were probably placed by the same hacker. All suspicious links looked like this:
example.com/~cp/request/linkd/index.php?userid=aname%40domain.com
I contacted the hosting company about a possible vulnerability on their servers, but I was wondering if these links could have been placed on my accounts due to one of my admin passwords being compromised. I also would like to know where I could find these links and remove them myself. I'm not sure where to track down the /~cp/request/linkd/ Linux directory. Is this related to a cpanel directory? My search of my file system for index.php did not find any suspicious files or directories.
Also, some sites were running WordPress, but are all up to date and hardened installs, and some sites were basic html5 sites (no WordPress).

I think a cp user is created on your server and that is the infected user. I can see mod_userdir is enabled on your server, and that is the reason they are able to access that infected URL with your domain name (the example.com/~cp URL). So please contact your hosting provider and ask them to disable mod_userdir and check that URL again.

This should be addressed by your hosting company. It seems that your hosting server is not configured properly and it allows access to any account through a temporary URL using any domain hosted on the server. This is not a recommended setting because if one of your accounts is compromised, Google may consider all domains to have suspicious code.
You should immediately contact your host to fix this issue. They will have to adjust the Apache mod_userdir settings to prevent such an issue.
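
If the answers above are right, /~cp/... is served by mod_userdir from another account's home directory, so it will not show up in a search of your own files. As an added example (not part of the original thread), this script scans per-domain access logs for served /~user/ requests and reports the path each one maps to; the log lines are constructed, and the common/combined log format and the /home/<user>/public_html layout are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Request and status fields of a common/combined log line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# mod_userdir URL shape: /~username/rest/of/path
USERDIR_RE = re.compile(r"^/~(?P<user>[A-Za-z0-9._-]+)(?P<rest>/.*)?$")

# Constructed sample lines (not from the thread), keyed by the domain whose log they came from.
SAMPLE_LOGS = {
    "example.com": [
        '203.0.113.7 - - [10/Mar/2016:06:12:01 +0000] "GET /~cp/request/linkd/index.php?userid=aname%40domain.com HTTP/1.1" 200 5120',
        '203.0.113.9 - - [10/Mar/2016:06:13:40 +0000] "GET /index.html HTTP/1.1" 200 810',
    ],
    "example.org": [
        '198.51.100.4 - - [10/Mar/2016:07:01:22 +0000] "GET /~cp/request/linkd/index.php?userid=b%40domain.com HTTP/1.1" 200 5120',
        '198.51.100.4 - - [10/Mar/2016:07:01:30 +0000] "GET /~nobody/x.php HTTP/1.1" 404 210',
    ],
}

def userdir_hits(logs_by_domain, home_root="/home", userdir="public_html"):
    """Return {user: {"domains": set, "files": set}} for served /~user/ requests.

    home_root and userdir are assumptions (cPanel-style /home/<user>/public_html).
    """
    report = defaultdict(lambda: {"domains": set(), "files": set()})
    for domain, lines in logs_by_domain.items():
        for line in lines:
            m = REQUEST_RE.search(line)
            if not m or int(m["status"]) >= 400:
                continue  # skip unparsable lines and requests the server refused
            path = unquote(urlsplit(m["target"]).path)
            u = USERDIR_RE.match(path)
            if not u:
                continue  # ordinary request inside the domain's own docroot
            rest = (u["rest"] or "/").lstrip("/")
            report[u["user"]]["domains"].add(domain)
            report[u["user"]]["files"].add(f"{home_root}/{u['user']}/{userdir}/{rest}")
    return dict(report)

if __name__ == "__main__":
    for user, hit in userdir_hits(SAMPLE_LOGS).items():
        print(f"~{user} served via {sorted(hit['domains'])}")
        for f in sorted(hit["files"]):
            print("  maps to", f)
```

One user name appearing under several unrelated domains is the pattern the answers describe, and the reported path lies in that user's home, which only the host can inspect.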

Related

How do I call the cPanel API from a separate website

After reading as much as I can from the cPanel documentation and forum posts I have come to the conclusion that what I want to do is not possible, but I thought I would have one last try just in case.
I have a server that hosts a number of domain accounts that are managed by cPanel; some of the domains have a WordPress-supported website that includes a plugin to provide services to the users.
I don't have root access; that is only available to the service company that hosts the server.
I would like to provide a webpage (PHP) that displays the email forwarders to selected users who do not have access to cPanel.
Is this possible?
Thanks
Mike

On a VPS Server, is there a shared location, accessible to multiple domains?

I've recently purchased a VPS running CentOS and cPanel.
I have several domains set up, all with their own individual cPanels. However, I'd like for the websites to be able to access a private, shared folder on the server.
I've written PHP classes that I'd like all the sites to have access to and I don't want to have to upload the files multiple times for individual sites.
Is there a folder where cPanel 1 and cPanel 2 can access whilst existing on the same server? Or could I create one?
Any help would be much appreciated.
Thanks.
The cPanel environment is designed to host websites within individual accounts while keeping their content separate and secure from other cPanel accounts on the same server. While you can configure your server to allow this type of sharing, doing so is not officially supported by cPanel as it circumvents many functions specific to the type of environment cPanel is trying to create.
http://serversitters.com/share-a-folder-between-2-cpanel-accounts-on-a-server.html

Security issues with PHP with cPanel and shared hosting

If this is not the correct forum for this question please tell me!
When one has an account on a shared server host running cPanel, the account runs in a jailed environment where access to files is restricted to /home/myaccount/ and its subdirectories. However, PHP runs as root, so is there any security issue possible where another (malicious) user could craft PHP scripts in such a manner as to access files in another user's file area? I have heard conflicting stories about this and would like a definitive answer from a "server guru".

looking to create a hosted solution

I am in the early stages of thinking through a product I am looking to develop; the product is a hosted e-commerce solution. What kind of things do I need to think about when allowing users to register their own domain names? How does that even work? I know I can do subdomains, but I have no idea how a user's own domain would work on the hosted solution.
Any ideas?
You can run multiple domains on a single host using virtual hosts, as supported by HTTP 1.1. See the Apache docs for setting up virtual hosts for Apache httpd for example (you may use some other web server).
You probably don't want to get involved with the actual domain registration: users should register the domain with an established domain registrar and configure the A record to point to your server.
All a user would then do is specify their domain name and you'd update Apache's httpd.conf (or equivalent config file) appropriately.
You might want to look into the easy way out: a reseller's account. I had one before; it was easy to use and set up. The only problem I had was there are extra fees if you want people to register domains through your website. It's worth the money if you're going to make it back.
I used JustHost.com; their pricing is fair but their e-mail system and cPanel are outdated. E-mail is fine if you use POP3 or IMAP.
Good Luck,
CwTechies

WordPress common / shared installation

I need to create a common installation of WordPress which I can then use across a number of domains.
I have looked into WordPress Multisite but I don't want to point all the domains to the same hosting account; each domain will need to have its own hosting domain.
To clarify I need to do the following:
Install a WordPress codebase
Use this codebase for any domain of the server without pointing the domain at that hosting account
Be able to update the WordPress core & plugins only once
Is this possible?
Hosting specs - UNIX hosting, PHP 5+, MySQL
I don't think you can achieve this requirement:
Use this codebase for any domain of the server without pointing the domain at that hosting account
Without help from the hosting company to implement something like NFS at the OS level.
If the domains will share a WordPress installation, what files remain to be hosted separately?
