Your cPanel login and when you should use it

Logging into cPanel. That’s pretty much it.

When you sign up or install an account, we issue you a cPanel login – this login is essentially the “root” of your account with full administrative powers to do very nearly anything that it gosh darn well pleases, and since it has shell access to the server, it’s a pretty powerful little login. It’s one of the reasons that we force you to login to the servers using SSL, and we’re so adamant about keeping your site from obvious risks we also firewall your ability to get into cPanel from any other way other than in an encrypted manner.

Much to our chagrin, it can also work for FTP or logging into mail – and though you can use it that way, you shouldn’t, because those logins are not encrypted and you are sending a plain text password through the internet and through multiple networks in such a way that anyone can pluck it out of the air. This is extremely unsafe, and we highly recommend that you not do it at all.

All cPanel email accounts should be created in your cPanel – sending those passwords through the air in plain text isn’t really any better, either, but at least you are limiting the access that they can get to that email account only. (We will have an article regarding encrypting your logins, but that’s beyond the overview scope of this article).

All FTP accounts should be created in your cPanel – sending those passwords through the air in plain text isn’t really any better, either, but at least you are limiting the access that they can get to that FTP account only. The only exception to this would be if you use SFTP, which is actually run over shell and not over “FTP” – in that case, you are required to use your cPanel login as that login is the only true Unix login and hence the only way that you can have SFTP access.

You cannot simply login to SFTP on port 22, either – we hide all shell ports and we do not publish those ports anywhere. You’ll need to email the support department and request the port for your server as they are all different. This allows us to know exactly who has shell access, and to monitor its security with a little extra glance every now and then.

We do recommend SFTP for everyone on a Junior account or above (as Intros don’t have shell). It is a more secure way to get files back and forth between the server, and if you are on an ISP that throttles FTP upload speeds you can sometimes dramatically speed up your FTP sessions when uploading to your site by using SFTP as it’s not a (currently) commonly throttled port when ISPs are throttling ports common to file sharing to limit their end users ability to share files.

It addition, by creating your FTP and Email accounts yourself, you put the ability to reset passwords when you forget in your own hands, and you don’t have to wait for support to do it for you, which is a handy little thing to be able to do.

5 Responses to Your cPanel login and when you should use it

  1. Joe Shelby says:
    May 15, 2008 at 9:20 pm.

    Question – is there a way to get to drak’s web-based emails without going through cpanel? I’d like to just have near “one-click” to get to it, ’cause right now I have to go through the cpanel login, then find the email button, select the account, and then i’m into webmail (after authenticating with the actual email account’s separate name/password mentioned above).

    I have a shortcut that goes straight to the webmail, but that still has both logins (cpanel, then the email account), AND cpanel has now added a “do you want to authorize this”, adding another step to click when i’m trying to reduce them.

    • DrakNet says:
      May 15, 2008 at 9:33 pm.

      Wow. You’re fast – he’s right on the money. :)

      • Joe Shelby says:
        May 16, 2008 at 10:55 am.

        That works in most cases – the exception seems to be when there’s a relay involved. I put the address in my.yahoo.com bookmarks but yahoo adds their own relay layer to every bookmark link to run it through a yahoo tracker first, and by the time it gets to squirtle, things are funky enough that it forces the cpanel login and auth-click anyways.

        I’m probably just going to give up on yahoo’s system and either search for or write my own bookmarks model with an RSS export since yahoo’s RSS feed importer doesn’t add that tracking url wrapper.

  2. wolfwyndd says:
    May 16, 2008 at 9:27 am.

    Yep. Once I discovered the yourdomain.com / webmail login I jumped all over it because I used to go into cpanel to get to mail too. I couldn’t do without it now. My employer blocked mail ports from work, but they DON’T block draknet’s web mail. They block yahoo mail, but not here so it’s my ‘back door’ into getting my email.

    I also agree, it needs to be much better publicized with our members.

  3. Joe Shelby says:
    May 16, 2008 at 3:55 pm.

    That works in most cases – the exception seems to be when there’s a relay involved. I put the address in my.yahoo.com bookmarks but yahoo adds their own relay layer to every bookmark link to run it through a yahoo tracker first, and by the time it gets to squirtle, things are funky enough that it forces the cpanel login and auth-click anyways.

    I’m probably just going to give up on yahoo’s system and either search for or write my own bookmarks model with an RSS export since yahoo’s RSS feed importer doesn’t add that tracking url wrapper.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>