Sniffing CPanel and Webmin login?
UPDATE:
thanks to null to point out a problem with my post. I do not intend to learn or hack or experiment. I do have four web servers and have installed webmin on 3 of them, and I have installed cpanel on one of them. Lately we had a problem which resulted in going without FTP, but moving to SFTP and also "upgrade" our companies security policy (using PGP for passwords etc)... I simply want to make our environment more secure. Sorry if this post looks wrong at the first impression, english is not my native langauge and I might have used the wrong word with "sniffing".
---
Hello
I am about to strengthen the security on our servers as it came to my attention that passwords of email accounts etc can be easily sniffed if somebody is on the same network.
I didn't try this myself yet, but from what I have been told somebody on your network should be able to sniff.
This means to me that a colleague who sits next to you in the office could sniff your important ports like POP, IMAP etc, and get your passwords, but this also means to me that if somebody has a server next to yours at your hosting company, he could sniff your logins if he knows the port of cpanel or webmin. Cpanel is not hard to guess, while the webmin port is often changed.
What do you think about this. Is this true? Are there simple things one can do to "close" those holes? I mean apart from port tunneling which vandyke.com promotes ;-)
Thanks
