Disable password reset option

Disable password reset option

Curently I just order a new box. This is my other box from knownhost, a great vps provider with affordable services. They are cheap and comes with fully managed services, that means I just need to open support page than create tickets and asked something like install, reboot, reinstall etc. Anyway, even it was easy to create and submit ticket, they just dont do anything if you dont have to asked them. Sounds funny ? NO! Because your box is your home, and there are affection if something happend was crashing your box, other box in BIG HOME will still runned.

AVOID Exploit ! PWNED cPanel Account By Reset Password.

In about 2 years a go, i have loss my gmail. Not really primary mail, but i just use this mail for SETUP cPanel account under my box on knownhost. In fact, a boy who have steal my gmail was found all information such as username Forum, hubpages, facebook acc etc andddddddddddddddddd my cPanel Account. Guess what ? He/She have use Password reset Option Features on cPanel to reset password. He got the mail and VOILA! My site was gone in a moment. But thanks God, knownhost have backup my dick.

The point of my story is, its very good to Disable password reset option for cPanel users to avoid exploit.

Basicly cPanel recently announced a new vulnerability for their servers for the password reset option. We’ll show you how to turn off the password reset option for failed logins to cPanel through Web Host Manager.

The feature “Allow cPanel users to reset their password via email”, found in WebHostManager in the “Tweak Settings” section allows for a cPanel user to run some commands as the root user.

It’s strongly suggested that all Cpanel users disable this feature. So here we go, how to disable password reset feature options for cPanel users.

  1. Login into you WHM control panel as root.
  2. Click on Tweak Settings in the upper left hand corner.
  3. Scroll down until you see “Allow cPanel users to reset their password via email”
  4. Uncheck the check box and click Save.

As easy like 4 step ive describe. Once more, dont forget To Disable password reset option for cPanel users.