Introduction:
At WebGee, we prioritize the security and integrity of our clients' accounts and data. We understand the importance of convenient features such as resetting passwords via a secondary email address in Webmail. However, due to security concerns, this functionality has been disabled. This article explains the reasoning behind this decision and our commitment to your account's safety.
Background:
We identified a security threat commonly known as 'AnonymousFox,' which exploited vulnerabilities in outdated or compromised WordPress plugins. This exploit allowed attackers to access the file system of the affected accounts. It's important to note that this was not a server-level compromise but was isolated to individual accounts. Our use of CageFS technology ensures that such an exploit cannot spread across accounts.
Why is 'Reset Password' via Secondary Email Disabled?
When a user attempts to reset their email password through cPanel, the new password is sent to their email address. If this email account is hosted on the same server, there's a risk that the new password could be intercepted from the mail file by an attacker who has gained unauthorized access through an exploit like 'AnonymousFox.'
To mitigate this risk and protect our clients, we have disabled the ability to reset email passwords via secondary email addresses in Webmail. This decision was made to prevent attackers from potentially gaining password-authenticated access to your accounts.
Our Commitment to Security:
We understand that this may cause some inconvenience; however, our clients' security is our top priority. We continuously monitor and update our security protocols to ensure the highest level of protection for your data.
Alternative Password Reset Methods:
If you need to reset your email password, we recommend doing so through the cPanel interface or by contacting our support team for assistance. We are always here to help you maintain secure and uninterrupted access to your services.
Conclusion:
WebGee is dedicated to providing a secure hosting environment. Disabling the 'Reset Password' functionality via secondary email is a precautionary measure to safeguard your accounts against potential exploits. We appreciate your understanding and cooperation in maintaining the security of our hosting platform.
For any questions or concerns, please reach out to our support team, who are available to assist you at any time.