This feature’s title is totally and completely ripped off from NoFactZone, but since we host them and we do it for free, we’re hoping they won’t mind. (One day we need to blog how they wound up here because its kind of interesting, but that day is not today.)

“Better Know a Button” is exactly that - instead of giving you a broad overview of something you can do with your cPanel that involves lots of buttons, we’ll pick one button (or sub-button) and explain it. Today’s blog post is sponsored by the button “Getting Started Wizard”.

It’s the very first button in your control panel, and probably the button that’s most often overlooked. When you click on it, it says:

Welcome to your web hosting account for yourdomain.com. This software allows you to manage all different aspects of your web site, including your files, security, email, web applications, and a whole lot more. This getting started wizard will introduce you to some of the concepts behind web hosting and allow you to configure some basic settings for your web site so that you can start bringing traffic (visitors) to your site. At any time, you can use the jump menu to skip ahead to the next section.

This section will give you an introduction to some very important concepts in web hosting, including the most basic of concepts - your file structure. We know for a fact that hardly any of you watch this because we can see which files are accessed when you sign in - we also take the tickets that people inevitably submit because they never went through this section and aren’t very familiar with just exactly how a web site is set up. If we had a $1.00 for every ticket we answered explaining to people that they uploaded their index file into their home directory and that’s why it’s not web accessible (i.e. you can’t see it), we’d have as much money as Dreamhost without the server overhead.

In addition to general file structure overviews, it gives you a rundown of the features your account has, including Webdisk, cPanel’s alternative to WebDav on Microsoft servers (and the way that those of you who publish with Frontpage and are lost without the extensions can still hold on to your old, decrepit, end-of-lifed software while making a little bit of a jump into modernity).

It will take you through setting your contact information, telling you about different features of the hosting account, and in some cases, providing a way for you to set up those features right from the overview. It will also show you the different skins you have available and let you pick one, if you don’t like the default.

If you’re unfamiliar with servers and file structures, this is an excellent way to get familiar with your web site. Regardless of whether you think you need to know about all that kind of stuff, there will come a day when you will - we guarantee it.

We are going to actually block port 2082, which is the non-encrypted cPanel port. For a while now (over a year), we’ve directed the servers to forward you when you log in to the server name (to prevent browsers from freaking out when you don’t have an SSL certificate), and to the encrypted cPanel login port (which is 2083). If you logged in by typing in yourdomainname.com/cpanel, it would forward you to https://server.name:2083 so that you could safely log in and so that your login and password was sent encrypted. We programmed this through the server settings, and thought that since we told the server to forward you so you were encrypted, it would do so and not let you be unencrypted at all.

Guess what? Not quite.

Thanks to a client coming on chat this morning, we discovered that those of you who bookmarked pages within cPanel itself using the non-encrypted link could bypass this security mechanism, and happily fly your logins and passwords through the air in plain text. To help combat this, we are firewalling port 2082 on all servers - those of you that have bookmarked unencrypted pages will find yourselves unable to reach your cPanel in the manner you are used to through your bookmark. If you find yourself locked out, you should also take this as a sign that you should log in “the regular way” (http://www.yourdomainname.com/cpanel) so that we can protect you from plain text password volleyball, and should also immediately change your password (as you’ve been using it without encrypting it) as soon as you get in.

If you ever find yourself within your cPanel, Web Host Manager, or Webmail and the link in your browser is http:// and not https://, you are most certainly “doing it wrong”, as we have all logins programmed to operate using SSL. Despite that, it appears cPanel is not foolproof, so make sure that you’re protected.

We have also changed some of the settings on our firewall in general. Previously, we permanently banned IPs caught doing nefarious things. We have changed those bans to expire within 2 hours, so if you or your clients screw up, the port and action will become available to you again after the two hours passes. After a few chances, though, the software will put you back on perm ban, so you still can’t spend all day trying to guess your password. If you don’t know what your cPanel password is, email support and we’ll reset it. If you lose track of your email password, login to your cPanel securely, and simply reset it.

For those folks wondering about the empty database in their cPanel (should they have it), the following explanation was provided by cPanel:

Build 21703 provided two fixes that create the behavior being described in this thread. Earlier I posted these, but here is a more thorough description.

Prior to build 21565:
1. And any all accounts restored from backup (and transfers) would have an empty database created. This database name was the same name as the user (e.g. user name is cpken, database name thus is cpken). This database creation was not intentional, it was a bug.
2. Databases that were the same name as the user (user name is cpken, database name is cpken) were not accounted for in the tally of databases used by an account, nor were they displayed in the interface.

Builds 21565 and newer:
1. No longer creation the empty database upon account restoration/transfer
2. Display and account for all databases associated with a user name.

With that said, users currently cannot delete a database whose name matches the user name (db name of cpken as opposed to cpken_name). This matter should be attended to in the next build(s).

In other words, it’s a woops, and you are unable to delete the database yourselves. Just submit a support ticket, and we’ll nuke the little sucker for you.