Page 1 of 1

Bug about cpanel/webmail proxy login failures

Posted: 04 Aug 2012, 00:24
by cemk
Hello!

If Cpanel's webmail and cpanel proxy subdomains are enabled, an attacker is able to try unlimited attempts through those subdomains, since CSF does not block port 80 (it only blocks 208X, 209X ports).

Fix: Add port 80, 443 for port blocking.

Regards,

Re: Bug about cpanel/webmail proxy login failures

Posted: 12 Aug 2012, 11:04
by chirpy
It isn't a bug, it is specifically why the proxy options should not be used and why in the csf report they are recommended to be disabled. cPanel themselves recommend that they should be disabled for security reasons. If you still want to use the proxy logins, despite the security issues, then don't use LF_SELECT in csf.conf