Is this (sort of) normal ?

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • Stelex
    Member
    • Mar 2004
    • 30

    #1

    Is this (sort of) normal ?

    I have several domains hosted on one of the cpanel servers.
    For now I won't mention user names, just in case it turns to be a security issue. But I believe and hope it's not.

    Let's say I have domain1.com with user1 as the username.
    I also have domain2.com with user2 as the username.

    Now if I type this: www.domain1.com/~user2 I can access the
    domain2.com's index file as well as all pages on that site.
    And it works so for all domains and usernames that I host, so I think it might also go for someone's else's domain with my usernames etc...

    Is this something I should't worry about or ... eeeer ... ?
  • ceeb
    Junior Member
    • Mar 2004
    • 26

    #2
    Yes, it's totally normal.

    All your sites are hosted on the same web server. Therefore, domain1.com and domain2.com translate to the same IP address (try PING domain).

    Is it a security risk? Not really. If you visit domain1.com/~user2 it's the same as visiting domain2.com - only the public files are available. Both domains will have their own email, FTP and Cpanel passwords, so it's only a risk if you decide to use the same passwords throughout.

    Comment

    • nefadol
      Junior Member
      • Mar 2004
      • 28

      #3
      Aww man, that's weird. I just tried it and it worked! The only sites I have hosted are my personal sites, but that's just weird. I didn't know it could do that.

      Comment

      • Jonathan
        Senior Member
        • Mar 2004
        • 1229

        #4
        Originally posted by nefadol
        Aww man, that's weird. I just tried it and it worked! The only sites I have hosted are my personal sites, but that's just weird. I didn't know it could do that.
        I'm able to access cPanel and Webmail, from say
        domain.com, when it was for thisotherdomain55.com etc.

        Plus not to meantion using any of your domain
        to log into the WHM, etc.
        "How can someone be so distracted yet so focused?"
        - C

        Comment

        • KyleC
          Senior Member
          • Mar 2004
          • 291

          #5
          it used to be you could steal other peoples bandwidth using that method. it may still be the case, but the other persons awstats would catch you.
          -Kyle

          Comment

          • MindlessOath
            Member
            • Mar 2004
            • 33

            #6
            if you goto http://www.cpanelxx.gzo.com/~usr/

            where xx is the number of your server, and where ~usr is your user

            thats why this works.
            --------
            aka Mo2

            Comment

            • openbox
              Senior Member
              • Mar 2004
              • 238

              #7
              I don't really see it as a big deal. After all, who's going to know to use those URLs? I believe data xfer is tied to the actual username, so that shouldn't be a concern either.

              Comment

              Working...