Portal Home > Knowledgebase > Articles Database > Are most web Control Panels insecure?
Are most web Control Panels insecure?
| Posted by Feldon, 04-13-2008, 08:54 AM |
| I am currently using four different web hosts for different projects. All of them offer a web control panel, which is handy. However, I was noticing today that none of them use https to access/use the control panel.
This seems like a gaping security hole to me, or am I missing something?
|
| Posted by ub3r, 04-13-2008, 08:56 AM |
| What control panels are you using? Most of them do support ssl, however include non-ssl access as well.
cpanel ssl runs on port 2087, while non-ssl runs on 2086.
|
| Posted by cristibighea, 04-13-2008, 09:07 AM |
| SSL will only be used to encrypt the data sent between you and the control panel in this case, so unless your internet connection is being monitored, or someone might be able to somehow see what you are sending to the control panel in question I doubt you'll need to use SSL.
|
| Posted by sbray, 04-13-2008, 09:28 AM |
| From what I understand https access is built into Apache. Type this into your web browser's search engine, "Apache https setup".
All of the technicians I know say cPanel is the best control panel for many different reasons. One of them being the ease at setting up security measures, including https access. Here are a couple links to cPanel's website where they give a few tips to tighten up security even more and how to set up certificates...
http://www.cpanel.net/security/commontips.htm
http://www.cpanel.net/security/publickeyauth.htm
Hope this helps.
|
| Posted by whmcsguru, 04-13-2008, 01:11 PM |
| A list of control panels that DO provide ssl access
Plesk
CPanel
Ensim
Webmin
LXAdmin
Unsure about:
Directadmin
Based on that list, I'd say that the majority of them Do support secure access. Some of them require a separate port (Cpanel), one I'm not 100% sure about as I don't have access to test it, but IIRC they, as well support SSL access.
|
| Posted by blite, 04-13-2008, 06:16 PM |
| ssl is simply a way to reassure consumers it really has nothing to do with security and there are often many paths that could be taken to obtain the same data that is "secure"
|
| Posted by tix3, 04-13-2008, 06:36 PM |
| Directadmin can also be configured to work with https://
|
| Posted by brianoz, 04-14-2008, 03:17 AM |
| Great to see someone saying this - most people don't understand this at all!
SSL only secures data as it travels across the internet. For normal mortals (ie non NSA/CIA folks) the internet is actually pretty secure; the data's actually many times more likely to be stolen at the endpoint of the connection (ie on the PC or on the server) than it is in transit.
Back in the old days, this was different. Datacenters and PCs used hubs, which broadcast data received on one port out on all the other connected ports, making it very easy to eavesdrop on data intended for other computers. These days it's much harder to eavesdrop as switches have replaced hubs, and switches send the data direct to the destination port rather than broadcasting, making it almost impossible to eavesdrop. Most people don't know this bit of history so they think that SSL actually means something. The only thing that SSL means is that the owners of the site have put at least a little token thought into security!!
|
| Posted by JulesR, 04-14-2008, 05:21 AM |
| I third the comments that SSL is (most things considered) nothing more than a marketing ploy. It also slows down sites unnecessarily - and when you're deaing with things like control panels (that can already add quite significant system overheads), this generally isn't good.
As brianoz quite rightly says, these days the most insecure point is at the end-user or operator's PC. I guess you can thank malware et all for that
|
Add to Favourites 
Print this Article
Also Read
