Cpanel Exploit security hole in cPanel to hack the servers of a hosting company

[aka-2 0]

A pair days ago I read this new on Slashdot:

cPanel Exploit Used to Circulate IE Exploit

"In a dangerous combination of unpatched exploits, hackers have used a previously undiscovered security hole in cPanel to hack the servers of a hosting company and use hundreds of hijacked sites to infect Internet Explorer users with malware using the unpatched VML exploit. cPanel, whose hosting automation software is used by many large hosting companies, has issued a fix. It's a local exploit, meaning the attacker must control a cPanel account on the target hosting provider."

Xisto uses cpanel tool in its hosting, and a few days ago happend this "Kidnapped Domain?"

Do you think it may be the cause? Anybody with this problem? Whatever, sure this exploit will resolved soon.

[BuffaloHelp 24]

No.

The member who posted regarding misdirected host name was just an isolated incident. The only affected person was the domain owner and the rest of members who replied saw the correct site. That's why I recommended that perhaps a localized spyware might have been redirecting the traffic in the first place.

If Xisto cPanel is at security risk it will also be localized to that member's cPanel. But since the articles do not specify which version of cPanel can be exploited, it's hard to say if Xisto is safe or not.

As far as I can undestand it, it looks like it's limited to HostGator at the moment. Looks like someone/people weren't happy with HostGator? But the method is not that they were attacking cPanel directly but using unsecure IE to "hack" the cPanle access.

A remote, unauthenticated attacker can execute arbitrary code on a vulnerable system.

This means when a computer user failed or ignored to update to Windows security latest patches the IE browser can pickup this malicious codes that can execute when cPanel is accessed with infected IE.

The worse virus for computers is uneducated users

[Saint_Michael 3]

Well I just checked a few sites out for those who auto update the software to cpanel get the patch so they are fine. So if OpaQue did have it set to auto update then we are fine.

[CrazyRob 0]

I have to say i use cPanel on a fwe of my servers i dont know if you know but the problem can be solved through SSL and just blocking off the 2082 and 2096 ports in cpanel httpd config then only the ssl pots will be active so the holes will be secured. all cpanel distros autmatically update anaway and all the holes should be fixed for cPanel Evelution (version 12).

[gameratheart 0]

If there was a problem with the cPanel that Xisto uses, then I would be assured by the fact that OpaQue would quickly be made aware of it and endeavour to fix it.And yeah, Saint_Michael is probably right, OpaQue's probably got an autoupdate feature installed on all of our cPanels anyway, so if there was a problem we'd be protected anyway.

[Dooga 0]

Most Xisto members aren't that evil anyways

[aka-2 0]

In no way my intention has been expand any rumor, all the oposite. This is a great comunity ang hosting, reason why I'm hosted here.

[CrazyRob 0]

cpanel have released the update as critical so all cpanel servers including traps should update automatically. as it installed for me without any interaction what so ever

[iGuest 3]

HELP!!

Cpanel Exploit

 

Some one has hacked my cpanal and made a bunch of fake email accounts and they are screwing with my web site every once in a while by doing thing like making the margins 200 and changing file extensions.

I have been able to fix this easy and quick but can't have this continue

 

-reply by Adam