OLD Cpanel Exploit - Still Active
Please forgive me if this has been posted before, but there is an old exploit that allows someone to view all the domains that you are hosting if you have Cpanel on the server. I'm bringing this to your attention because there are several hosts on this forum that still have not implemented the fix. The following is quoted from HostingViews.com:
Notice:
Any resellers or dedicated hosts that use cPanel should be aware that there is still an exploit people are using to see what domains are hosted on the server.
If you have cPanel/WHM on your server, just go to your domain and put /bandwidth/ after it (http://yourdomain.con/bandwidth/). Hopefully you will get a "You don't have permission to access /bandwidth/ on this server" message, or it will ask for a password.
Otherwise you will be at a page titled "Bandmin 1.4" (or whatever version); from here you can access the monthly stats, with a list of all domains with over 1 MB of transfer.
The fix is listed below:
Make a text file with these lines in it (use your server's IP address for the xxx):
order deny,allow
deny from all
allow from xxx.xxx.xxx.xxx
Name it .htaccess and place it in the server's /usr/local/bandmin/htdocs directory. This will block all but the IP that you use in the .htaccess file.
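An added self-check, not part of this post or of the HostingViews notice: it classifies the reply your own host gives for /bandwidth/ the way the notice describes (403 or a password prompt means protected, an openly served Bandmin page means exposed) and builds the recommended .htaccess with an explicit Order line. The function names are assumptions and the 192.0.2.x address is a constructed example.

```python
"""Self-check for the cPanel/Bandmin /bandwidth/ exposure described in the notice."""
import ipaddress
import sys
import urllib.error
import urllib.request

PROTECTED, EXPOSED, UNKNOWN = "protected", "exposed", "unknown"


def classify_bandwidth_response(status: int, body: str) -> str:
    """Map an HTTP reply for /bandwidth/ onto the outcomes the notice describes."""
    if status in (401, 403):            # password prompt or "You don't have permission"
        return PROTECTED
    if status == 200 and "bandmin" in body.lower():  # Bandmin stats page served openly
        return EXPOSED
    return UNKNOWN                      # e.g. 404 because Bandmin is not installed


def probe_own_host(hostname: str, timeout: float = 10.0) -> str:
    """Fetch http://<hostname>/bandwidth/ and classify it; run this against your own servers."""
    url = f"http://{hostname}/bandwidth/"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            body = resp.read(4096).decode("utf-8", "replace")
            return classify_bandwidth_response(resp.status, body)
    except urllib.error.HTTPError as err:   # 401/403/404 arrive as exceptions
        return classify_bandwidth_response(err.code, "")


def bandmin_htaccess(allowed_ips) -> str:
    """Build the .htaccess from the notice; each address is validated (ValueError on junk)."""
    lines = ["order deny,allow", "deny from all"]
    for ip in allowed_ips:
        lines.append(f"allow from {ipaddress.ip_address(ip)}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Usage: python check_bandmin.py yourdomain.example  (hypothetical file name)
    print(probe_own_host(sys.argv[1]) if len(sys.argv) > 1 else bandmin_htaccess(["192.0.2.10"]))
```

The generated file only takes effect if Apache honours overrides for that directory (AllowOverride Limit or All), so re-run the probe after placing it.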