I have some cpanel questions that I thought I could place here : )
1: Does cpanel log login attempts (successfull/unsuccessfull ones), and does it display them in cpanel or is it in some log file somewhere only?
2: Does cpanel have separate users, or do you login with regular system users?
3: if separate users are kept, where does it store the password hashes, and what algorithm is used for hashing?
Does might serve better in the hacking category, but it's a bit of a general thing so ^^
//C
cpanel questions
cpanel questions
"The best place to hide a tree, is in a forest"
-
visser
- Fame ! Where are the chicks?!
- Posts: 472
- Joined: 03 Apr 2007, 16:00
- 17
- Location: online
- Contact:
Re: cpanel questions
Whats up cats!
Alrighty so im a long winded guy so im sorry if im repeating info you already know but im sure somebody will eventually find it useful.
CPanel is easily one of the best softwares for bringing some sort of single point of control/management for an operating system that has so many controlling options to it. Apache web server alone can be configured more ways than I would care to discuss in this post, so a whole linux system... woah. Needless to say CPanel can get a little hairy if you dont run every single thing through it. which brings me to answering number 1 and 2 simultaneously.
Each "User" on a cpanel install is an actual linux user because as I jsut mentioned, cpanel is an attempt to offer a management solution for linux. So if you have a user on your domain, normally its assumed that this user has a fully manageable website. All the way from ssh to cron jobs. On a fully configured CPanel install this could easily mean that each domain (well assume for the sake of convo you got a 10 domain license) of those 10 would have a new user, or it could even be a single user with access to all domains. So yes every user in cpanel is technically a linux user, but its more an abstraction. Sometimes you will have users who can only access a mysql domain for a single website. Since this is the case sometimes you dont have a linux user, and sometimes you do. It all depends on that users permissions within the install. If you wanna get CPanel WHM into the mix holy fucking shit does it all get really crazy really fast. Most often than not we have its a linux user. So thats number three, Everything is stored where the normal linux user passwords are stored. /etc/passwd /etc/shadow /etc/group
Alrighty so im a long winded guy so im sorry if im repeating info you already know but im sure somebody will eventually find it useful.
CPanel is easily one of the best softwares for bringing some sort of single point of control/management for an operating system that has so many controlling options to it. Apache web server alone can be configured more ways than I would care to discuss in this post, so a whole linux system... woah. Needless to say CPanel can get a little hairy if you dont run every single thing through it. which brings me to answering number 1 and 2 simultaneously.
Each "User" on a cpanel install is an actual linux user because as I jsut mentioned, cpanel is an attempt to offer a management solution for linux. So if you have a user on your domain, normally its assumed that this user has a fully manageable website. All the way from ssh to cron jobs. On a fully configured CPanel install this could easily mean that each domain (well assume for the sake of convo you got a 10 domain license) of those 10 would have a new user, or it could even be a single user with access to all domains. So yes every user in cpanel is technically a linux user, but its more an abstraction. Sometimes you will have users who can only access a mysql domain for a single website. Since this is the case sometimes you dont have a linux user, and sometimes you do. It all depends on that users permissions within the install. If you wanna get CPanel WHM into the mix holy fucking shit does it all get really crazy really fast. Most often than not we have its a linux user. So thats number three, Everything is stored where the normal linux user passwords are stored. /etc/passwd /etc/shadow /etc/group
AKA Scottyrabbit
software engineers unite!
//When my words are remembered its because my actions were loud enough.
software engineers unite!
//When my words are remembered its because my actions were loud enough.
Re: cpanel questions
Thanks for the reply visser 
Much appreciated!
Much appreciated!
"The best place to hide a tree, is in a forest"
-
bad_brain
- Site Owner
- Posts: 11636
- Joined: 06 Apr 2005, 16:00
- 19
- Location: In your eye floaters.
- Contact:
Re: cpanel questions
first I have to say that I never really used cpanel, I only use hosting frameworks which basically just provide an iface for the user adding procedures but don't have any deeper server administration functionality.
from what I know cpanel is not logging failed attempts, at least not without 3rd party modules installed....and even then those modules just utilize the standard Linux logs and do not create own ones, this means failed website logins are not logged until it's not explicitly configured to log form submissions on server level (and only very few admins really do that because it causes a pretty nasty overhead).
so IF someone logs access activity via cpanel it's most likely only mail-, ftp- and ssh-activity, because those logs are provided by Linux anyway (auth.log, syslog, mail.log). if there is a "max. login attempts" rule for the cpanel web iface itself then it's implemented via cookies with a 99% chance.
from what I know cpanel is not logging failed attempts, at least not without 3rd party modules installed....and even then those modules just utilize the standard Linux logs and do not create own ones, this means failed website logins are not logged until it's not explicitly configured to log form submissions on server level (and only very few admins really do that because it causes a pretty nasty overhead).
so IF someone logs access activity via cpanel it's most likely only mail-, ftp- and ssh-activity, because those logs are provided by Linux anyway (auth.log, syslog, mail.log). if there is a "max. login attempts" rule for the cpanel web iface itself then it's implemented via cookies with a 99% chance.
