Jump to content
xisto Community
aka-2

Cpanel Exploit security hole in cPanel to hack the servers of a hosting company

Recommended Posts

A pair days ago I read this new on Slashdot:

cPanel Exploit Used to Circulate IE Exploit

"In a dangerous combination of unpatched exploits, hackers have used a previously undiscovered security hole in cPanel to hack the servers of a hosting company and use hundreds of hijacked sites to infect Internet Explorer users with malware using the unpatched VML exploit. cPanel, whose hosting automation software is used by many large hosting companies, has issued a fix. It's a local exploit, meaning the attacker must control a cPanel account on the target hosting provider."

Xisto uses cpanel tool in its hosting, and a few days ago happend this "Kidnapped Domain?"

Do you think it may be the cause? Anybody with this problem? Whatever, sure this exploit will resolved soon.

Share this post


Link to post
Share on other sites

No.

The member who posted regarding misdirected host name was just an isolated incident. The only affected person was the domain owner and the rest of members who replied saw the correct site. That's why I recommended that perhaps a localized spyware might have been redirecting the traffic in the first place.

If Xisto cPanel is at security risk it will also be localized to that member's cPanel. But since the articles do not specify which version of cPanel can be exploited, it's hard to say if Xisto is safe or not.

As far as I can undestand it, it looks like it's limited to HostGator at the moment. Looks like someone/people weren't happy with HostGator? :P But the method is not that they were attacking cPanel directly but using unsecure IE to "hack" the cPanle access.

A remote, unauthenticated attacker can execute arbitrary code on a vulnerable system.

This means when a computer user failed or ignored to update to Windows security latest patches the IE browser can pickup this malicious codes that can execute when cPanel is accessed with infected IE.

The worse virus for computers is uneducated users :)

Share this post


Link to post
Share on other sites

Well I just checked a few sites out for those who auto update the software to cpanel get the patch so they are fine. So if OpaQue did have it set to auto update then we are fine.

Share this post


Link to post
Share on other sites

I have to say i use cPanel on a fwe of my servers i dont know if you know but the problem can be solved through SSL and just blocking off the 2082 and 2096 ports in cpanel httpd config then only the ssl pots will be active so the holes will be secured. all cpanel distros autmatically update anaway and all the holes should be fixed for cPanel Evelution (version 12).

Share this post


Link to post
Share on other sites

If there was a problem with the cPanel that Xisto uses, then I would be assured by the fact that OpaQue would quickly be made aware of it and endeavour to fix it.And yeah, Saint_Michael is probably right, OpaQue's probably got an autoupdate feature installed on all of our cPanels anyway, so if there was a problem we'd be protected anyway.

Share this post


Link to post
Share on other sites

cpanel have released the update as critical so all cpanel servers including traps should update automatically. as it installed for me without any interaction what so ever

Share this post


Link to post
Share on other sites

HELP!!

Cpanel Exploit

 

Some one has hacked my cpanal and made a bunch of fake email accounts and they are screwing with my web site every once in a while by doing thing like making the margins 200 and changing file extensions.

I have been able to fix this easy and quick but can't have this continue

 

-reply by Adam

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...

Important Information

Terms of Use | Privacy Policy | Guidelines | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.