Bug about cpanel/webmail proxy login failures

Post Reply
cemk
Junior Member
Posts: 1
Joined: 04 Aug 2012, 00:20

Bug about cpanel/webmail proxy login failures

Post by cemk »

Hello!

If Cpanel's webmail and cpanel proxy subdomains are enabled, an attacker is able to try unlimited attempts through those subdomains, since CSF does not block port 80 (it only blocks 208X, 209X ports).

Fix: Add port 80, 443 for port blocking.

Regards,

chirpy
Moderator
Posts: 3537
Joined: 09 Dec 2006, 18:13

Re: Bug about cpanel/webmail proxy login failures

Post by chirpy »

It isn't a bug, it is specifically why the proxy options should not be used and why in the csf report they are recommended to be disabled. cPanel themselves recommend that they should be disabled for security reasons. If you still want to use the proxy logins, despite the security issues, then don't use LF_SELECT in csf.conf

Post Reply