
Thread: Can someone gain access to my cp through attachments?
      
   

  1. #1
    wgreene is offline Sergeant Major
    Join Date
    Sep 2005
    Location
    Missouri
    Posts
    89

    Default Can someone gain access to my cp through attachments?

    I recently was using horde email to send someone a file attachment. I cc'd myself and in my email was the link, when I clicked on that, the download box popped up but on that box, it included the ip address EXAMPLE:

    from 80.26.852.62:5060 and when I punched that into my address bar, I got right into my control panel? Does this mean others could do the same if I use Horde to send attachments to people? And if so, what can I do to prevent that? I saw when I was composing the email, it gave me an option for "inline"; is that different? Thanks in advance for your help.

    WG

  2. #2
    Andy128's Avatar
    Andy128 is offline Major General
    Join Date
    Dec 2005
    Location
    Michigan
    Posts
    2,322

    Default Re: Can someone gain access to my cp through attachments?

    I suggest you open a support ticket as this is not normal. I tried as you did with my squirrel mail and did not have the same results.

    Definitely a security issue.

    Andy
    PHP- is a blast!

  3. #3
    wgreene is offline Sergeant Major
    Join Date
    Sep 2005
    Location
    Missouri
    Posts
    89

    Default Re: Can someone gain access to my cp through attachments?

    Andy, thanks and I will open a support ticket. It seems however that once I logged out of my cpanel that once you put that ip address in again, it asks for your user name and password but still that tells me that if I send attachments and am still logged into my cp that if someone wanted to play around they could do just as I did and get into my cp.....thanks again!

    Wg

  4. #4
    navaldesign's Avatar
    navaldesign is offline General & Forum Moderator
    Join Date
    Oct 2005
    Location
    Italy
    Posts
    12,053

    Default Re: Can someone gain access to my cp through attachments?

    But it doesn't take you to your control panel. It takes you to the login popup, where username and password are required. It's exactly the same as if you had typed www.yourdomain.com/webmail. No one can log in to your CP without username and password.
    Last edited by navaldesign; 05-17-2006 at 07:06 AM.
    Navaldesign
    Logger Lite: Low Cost, Customizable, multifeatured Login script
    Instant Download Cart: a Powerfull, Customized, in site, DB driven, e-products Cart
    DBTechnosystems.com Forms, Databases, Shopping Carts, Instant Download Carts, Loggin Systems and more....
    Advanced BlueVoda Form Processor : No coding form processor! Just install and use! Now with built in CAPTCHA!


  5. #5
    racefan20's Avatar
    racefan20 is offline Major General
    Join Date
    Jul 2005
    Location
    Concord, NC
    Posts
    2,339

    Default Re: Can someone gain access to my cp through attachments?

    Quote Originally Posted by wgreene
    Andy, thanks and I will open a support ticket. It seems however that once I logged out of my cpanel that once you put that ip address in again, it asks for your user name and password but still that tells me that if I send attachments and am still logged into my cp that if someone wanted to play around they could do just as I did and get into my cp.....thanks again!

    Wg
    Navaldesign's answer above mine pretty much answers this, but I wanted to add one thing in response to this: "if I send attachments and am still logged into my cp that if someone wanted to play around they could do just as I did and get into my cp"

    This is not possible, so don't worry. A log in is unique to the pc you are on and anyone else would see the username and password screen whether you're logged into your cpanel or not.

  6. #6
    VodaHost's Avatar
    VodaHost is offline General & Forum Administrator
    Join Date
    Mar 2005
    Location
    Wilmington, Delaware USA
    Posts
    11,390

    Default Re: Can someone gain access to my cp through attachments?

    80.26.852.62:5060 is not your control panel, it does not even belong to VodaHost.

    VodaHost



  7. #7
    wgreene is offline Sergeant Major
    Join Date
    Sep 2005
    Location
    Missouri
    Posts
    89

    Default A picture of exactly what happened.

    A picture of exactly what happened! I guess I was a little upset that vodahost acted as if I were lying when I was only trying to help. This is what I "think" happened. The file I sent was an mp3. I attached the mp3 from my computer as track 9.mp3. It just so happens that I have multiple track 9.mp3's uploaded on the server so maybe after I attached the file it somehow associated it with the file on the server....I really don't know that is just a wild guess but as you can see the link clearly indicates that it was sent from Horde. All in all I am here to help others just as many have helped me...that's all!

    Dear Laura Dunkin,

    The IP address I gave you was an EXAMPLE, as my original email indicated. Your support page, which even asks for your customers' user name and password, is not secure, so that's why I was using an example. The IP address was 70.86.134.194:2082 and YES it did take me directly to my control panel and I am insulted that you would insinuate that I was not telling the truth. I am a paying customer and was only trying to help by explaining EXACTLY what happened. I love your service and am happy with Vodahost but please give your customers the benefit of the doubt when discussing security issues or other important matters in the future.

    Regards
    Wilson

    Their Reply
    80.96.654.365:6050 is not a CP of any sort. That IP does not even belong to us.

    I suggest you try it again as I highly doubt it took you to your cpanel control panel. That ip does not belong to us, nor is that the cpanel port.

    Original From ME
    Today, I was using Horde email and sent an attachment to a friend. I cc'd myself and when I checked my inbox and clicked on the link, the normal download window popped up (after a message stating my site could possibly contain a virus)....also on the download box was the following statement

    from: 80.96.654.365:6050 (example ip) When I placed that IP address into my window it took me directly into my cp, which is a huge security breach. Now once I logged out of my cp and I put the same IP address in, the username/password box came up. I just thought you should know about this. I won't be using Horde anytime soon. I only used that because I could change my identity to have my emails say from hiphoptraxx.com and not some ext. at yahoo.

    Thanks

  8. #8
    navaldesign's Avatar
    navaldesign is offline General & Forum Moderator
    Join Date
    Oct 2005
    Location
    Italy
    Posts
    12,053

    Default Re: Can someone gain access to my cp through attachments?

    Don't think anyone said you are lying. Vodahost Admin is not in continuous contact and aware of all (more than 1000/day) support tickets, so could not know that this was an example. It is also obvious that whoever responded to your ticket didn't notice the (example ip), otherwise he wouldn't have answered that way. Errare umanun est.
    Navaldesign


  9. #9
    wgreene is offline Sergeant Major
    Join Date
    Sep 2005
    Location
    Missouri
    Posts
    89

    Default Re: Can someone gain access to my cp through attachments?

    Yes, I agree and mistakes can be made but that's why it's important to actually read the email. Anyway, I will wait to see if they have any ideas as to what happened. Thanks for the reply and aren't you missing an "h" in your Latin reply there? Errare Humanun est. ?


    Don't think anyone said you are lying. Vodahost Admin is not in continous contact and aware of all (more than 1000/day) support tickets., so could not know that this was an example. It is also obvious that whoever responded to your ticket, didn't notice the (example ip) otherwise he would't have answered that way. Errare umanun est.

  10. #10
    navaldesign's Avatar
    navaldesign is offline General & Forum Moderator
    Join Date
    Oct 2005
    Location
    Italy
    Posts
    12,053

    Default Re: Can someone gain access to my cp through attachments?

    You see? Errare Humanun est.

    And the explanation is simple: you had the link to download the attachment. If you were logged in to your CP, or you were just minutes ago, your computer simply logged in directly without need for password and username. Try it this way: connect to your CP. Then type in the address bar another address, for example the forum one, www.vodahost.com/vodatalk, then type in again the address of your CP. You will see that the second time, you are not asked for username and password, unless you had logged out before.
    Navaldesign


  11. #11
    wgreene is offline Sergeant Major
    Join Date
    Sep 2005
    Location
    Missouri
    Posts
    89

    Default Re: Can someone gain access to my cp through attachments?

    Well stated navaldesign and yes you are correct. I just wish the downloaded link would mask the "real" link. Am I right in saying that if I was still logged into my cp and someone put in the direct url to my cp in their address bar that they would be able to get into my cp as well? If so, someone who wanted to be mean could cause a little bit of mischief if they wanted to. Thanks for the reply!


  12. #12
    racefan20's Avatar
    racefan20 is offline Major General
    Join Date
    Jul 2005
    Location
    Concord, NC
    Posts
    2,339

    Default Re: Can someone gain access to my cp through attachments?

    Quote Originally Posted by wgreene
    Well stated navaldesign and yes you are correct. I just wish the downloaded link would mask the "real' link. Am I right in saying that if I was still logged into my cp and someone put in the direct url to my cp in their address bar that they would be able to get into my cp as well? If so, Someone who wanted to be mean could cause a little bit of mischief if they wanted to. Thanks for the reply!
    This is not possible, so don't worry. A log in is unique to the pc you are on and anyone else would see the username and password screen whether you're logged into your cpanel or not.
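
The point made in the replies above, shown as an added example that is not part of any post in the thread. It assumes the login popup is an HTTP Basic authentication prompt and uses a toy local server with constructed credentials (`demo_user` / `demo_pass`): the client that holds the credentials reaches the panel, while a client that knows only the address gets the 401 login challenge.

```python
import base64
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed credentials for the toy panel (not taken from the thread).
EXPECTED = "Basic " + base64.b64encode(b"demo_user:demo_pass").decode()

class PanelHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        # Access is decided per request, from what this client itself sends.
        if self.headers.get("Authorization") == EXPECTED:
            self.send_response(200)
            self.end_headers()
            self.wfile.write(b"control panel")
        else:
            self.send_response(401)  # the browser shows this as the login popup
            self.send_header("WWW-Authenticate", 'Basic realm="panel"')
            self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass

def fetch_status(url, opener):
    try:
        with opener.open(url, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def demo():
    server = HTTPServer(("127.0.0.1", 0), PanelHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = "http://127.0.0.1:%d/" % server.server_port
    no_proxy = urllib.request.ProxyHandler({})
    # Owner: credentials are stored for this URL, like a logged-in browser.
    pw = urllib.request.HTTPPasswordMgrWithDefaultRealm()
    pw.add_password(None, url, "demo_user", "demo_pass")
    owner = urllib.request.build_opener(
        no_proxy, urllib.request.HTTPBasicAuthHandler(pw))
    # Visitor: a different client that knows only the address.
    visitor = urllib.request.build_opener(no_proxy)
    result = {"owner": fetch_status(url, owner),
              "visitor": fetch_status(url, visitor)}
    server.shutdown()
    server.server_close()
    return result

if __name__ == "__main__":
    print(demo())
```
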

  13. #13
    wgreene is offline Sergeant Major
    Join Date
    Sep 2005
    Location
    Missouri
    Posts
    89

    Default Re: Can someone gain access to my cp through attachments?

    Wilson is very relieved! Thanks racefan20 and navaldesign for all the explanations.....With all of this knowledge soaking in, I'll be a General in no time!
