top | item 12671249

(no title)

MatoBo | 9 years ago

Hello, At OneSite, we use strict security measures to ensure that your information is always safe, and of course, we will never sell your information to third parties. Our servers are secure and the information you provide us through the whole https://onesite.co/ (including cPanel) is encrypted.

Our cPanel uses self-signed certificates. Self-signed certificates work exactly like a certificate purchased through an SSL Certificate Authority, except that they are NOT signed by a Certificate Authority. Instead they are signed by your server; hence the term “self-signed”.

At OneSite, your data is always safe

discuss

nsgi|9 years ago

Self-signed certificates are not secure as they are vulnerable to man-in-the-middle attacks.

https://security.stackexchange.com/questions/8110/what-are-t...

With free/cheap certificates widely available through e.g. Let's Encrypt and AWS Certificate Manager, there's absolutely no reason to use self-signed certificates.

The cPanel login page linked to in the footer isn't using any HTTPS, self-signed or otherwise. This means that anyone controlling the network can inject javascript to steal your users' passwords.