
Thread: cPanel Security

  1. #1
    Registered User
    Join Date
    Jan 2013
    Posts
    4
    cPanel/WHM Access Level

    Root Administrator

    Default cPanel Security

    Is this email true?

    Salutations,

    You are receiving this email because you have opened a ticket with our support staff in the last 6 months. cPanel, Inc. has discovered that one of the servers we utilize in the technical support department has been compromised. While we do not know if your machine is affected, you should change your root level password if you are not already using ssh keys. If you are using an unprivileged account with "sudo" or "su" for root logins, we recommend you change the account password. Even if you are using ssh keys we still recommend rotating keys on a regular basis.

    As we do not know the exact nature of this compromise we are asking for customers to take immediate action on their own servers. cPanel's security team is continuing to investigate the nature of this security issue.



    --cPanel Security Team

  2. #2
    Registered Member cPanel Partner NOC Badge
    Join Date
    Oct 2009
    Posts
    25

    Default Re: cPanel Security

    We received it as well. Would really like *some* sort of further information around it.

  3. #3
    Registered Member
    Join Date
    May 2003
    Posts
    251

    Default cPanel support system hacked?

    We just got this email from cPanel:

    ======
    Salutations,

    You are receiving this email because you have opened a ticket with our support staff in the last 6 months. cPanel, Inc. has discovered that one of the servers we utilize in the technical support department has been compromised. While we do not know if your machine is affected, you should change your root level password if you are not already using ssh keys. If you are using an unprivileged account with "sudo" or "su" for root logins, we recommend you change the account password. Even if you are using ssh keys we still recommend rotating keys on a regular basis.

    As we do not know the exact nature of this compromise we are asking for customers to take immediate action on their own servers. cPanel's security team is continuing to investigate the nature of this security issue.



    --cPanel Security Team
    ========

    The headers appear legit and coming from cPanel servers.

  4. #4
    Registered Member
    Join Date
    May 2003
    Posts
    251

    Default Re: cPanel support system hacked?

    Are ticket logins older than 12 months affected? They don't seem to exist in cPanel support system anymore, so are these deleted? Just wondering what the extent of the hack is and how far back we need to go.

  5. #5
    Registered Member
    Join Date
    Nov 2004
    Posts
    44

    Default Re: cPanel support system hacked?

    Hi Guys,

    Any update on this??

    I got this email too...

  6. #6
    Registered User
    Join Date
    Apr 2012
    Posts
    1
    cPanel/WHM Access Level

    Root Administrator

    Default Re: cPanel support system hacked?

    Guys,

    It is a good idea to change your SSH keys every so often anyway.

    If in doubt, just change your keys and you should be ok, regardless of whether any SSH keys have been compromised on the cPanel server.

    Good luck!


  7. #7
    cPanel Product Evangelist Infopro's Avatar
    Join Date
    May 2003
    Location
    Pennsylvania
    Posts
    10,903
    cPanel/WHM Access Level

    Root Administrator

    Default Re: cPanel Security

    Multiple threads merged on this topic.

    As far as I know, this is not from cPanel. I've contacted the cPanel Security team concerning this thread.


    Thanks for reporting this.

  8. #8
    Registered Member
    Join Date
    Apr 2012
    Posts
    102
    cPanel/WHM Access Level

    Reseller Owner

    Default Re: cPanel Security

    Code:
    Return-path: <noreply@cpanel.net>
    Envelope-to: xxxxxxx@xxxxxxxxxx
    Delivery-date: Fri, 22 Feb 2013 01:48:37 +0100
    Received: from mx1.cpanel.net ([208.74.121.68]:46936)
    	by xxxxxxxxxxxxxxxxxxxxxx with esmtps (TLSv1:DHE-RSA-AES256-SHA:256)
    	(Exim 4.80)
    	(envelope-from <noreply@cpanel.net>)
    	id 1U8goX-00020r-4G
    	for xxxxxxxxxxxxxxxx; Fri, 22 Feb 2013 01:48:37 +0100
    Received: from kangaroo.manage2.cpanel.net ([208.74.121.26]:35891)
    	by mx1.cpanel.net with esmtps (TLSv1:DHE-RSA-AES256-SHA:256)
    	(Exim 4.80)
    	(envelope-from <noreply@cpanel.net>)
    	id 1U8goV-0001Ht-Ca
    	for xxxxxxxxxxxxxxxxxxxx; Thu, 21 Feb 2013 18:48:35 -0600
    Received: from manage by kangaroo.manage2.cpanel.net with local (Exim 4.69)
    	(envelope-from <noreply@cpanel.net>)
    	id 1U8goV-0001hy-6L
    	for xxxxxxxxxxxxxxxxxxx; Thu, 21 Feb 2013 18:48:35 -0600
    Content-Disposition: inline
    Content-Length: 828
    Content-Transfer-Encoding: binary
    Content-Type: text/plain
    MIME-Version: 1.0
    X-Mailer: MIME::Lite 3.01 (F2.74; T1.20; A2.08; B3.07; Q3.07)
    Date: Fri, 22 Feb 2013 00:48:35 UT
    From: no-reply@cpanel.net
    To: xxxxxxxxxxxxxxxxxxxx
    Subject: Important Security Alert (Action Required)
    Message-Id: <E1U8goV-0001hy-6L@kangaroo.manage2.cpanel.net>
    X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
    X-AntiAbuse: Primary Hostname - mx1.cpanel.net
    X-AntiAbuse: Original Domain - xxxxxxxxxxxxxxx
    X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
    X-AntiAbuse: Sender Address Domain - cpanel.net
    X-Get-Message-Sender-Via: mx1.cpanel.net: acl_c_relayhosts_text_entry: -unknown-@cpanel.net|cpanel.net
    X-Antivirus-Scanner: Clean mail though you should still use an Antivirus

    Are you still thinking it is not from cPanel? So how was it sent by their MX servers then?
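An added example, not part of the original post: one way to read the `Received` chain in the headers above. The header text is an abridged copy of what was posted; the function names `hops` and `assess` are hypothetical. Only the topmost `Received` line is written by the recipient's own server, so the hops below it are recorded but treated as unverified.

```python
import re
from datetime import timezone
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Abridged copy of the headers in the post above; x-runs are the poster's redactions.
RAW = """\
Return-path: <noreply@cpanel.net>
Received: from mx1.cpanel.net ([208.74.121.68]:46936)
    by xxxxxxxxxxxxxxxxxxxxxx with esmtps (TLSv1:DHE-RSA-AES256-SHA:256)
    id 1U8goX-00020r-4G
    for xxxxxxxxxxxxxxxx; Fri, 22 Feb 2013 01:48:37 +0100
Received: from kangaroo.manage2.cpanel.net ([208.74.121.26]:35891)
    by mx1.cpanel.net with esmtps (TLSv1:DHE-RSA-AES256-SHA:256)
    id 1U8goV-0001Ht-Ca
    for xxxxxxxxxxxxxxxxxxxx; Thu, 21 Feb 2013 18:48:35 -0600
Received: from manage by kangaroo.manage2.cpanel.net with local (Exim 4.69)
    id 1U8goV-0001hy-6L
    for xxxxxxxxxxxxxxxxxxx; Thu, 21 Feb 2013 18:48:35 -0600
From: no-reply@cpanel.net
Subject: Important Security Alert (Action Required)
"""

HOP = re.compile(r"from\s+(?P<host>\S+)(?:\s+\(\[(?P<ip>[0-9a-fA-F.:]+)\]:\d+\))?"
                 r"\s+by\s+(?P<by>\S+)\s+with\s+(?P<proto>\S+)")

def hops(raw):
    """Return Received hops newest-first as dicts (host, ip, by, proto, utc)."""
    out = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if not m:
            continue  # unparseable hop: skip rather than guess
        when = parsedate_to_datetime(value.rsplit(";", 1)[1].strip())
        out.append({**m.groupdict(), "utc": when.astimezone(timezone.utc)})
    return out

def assess(raw):
    """Separate what the receiving server observed from what upstream hosts claim."""
    msg, chain = message_from_string(raw), hops(raw)
    edge = chain[0]  # topmost hop: stamped by the recipient's own MTA
    envelope = parseaddr(msg["Return-path"])[1]
    return {
        "edge_host": edge["host"],
        "edge_ip": edge["ip"],
        "edge_host_in_sender_domain": edge["host"].endswith("." + envelope.rpartition("@")[2]),
        # A From/envelope mismatch is common and is not a forgery indicator by itself.
        "from_equals_envelope": parseaddr(msg["From"])[1] == envelope,
        "transit_seconds": (chain[0]["utc"] - chain[-1]["utc"]).total_seconds(),
        "unverified_hosts": [h["host"] for h in chain[1:]],
    }
```

The connecting IP on the topmost hop is the one value the recipient's server observed directly; checking it against the sender domain's published SPF record or reverse DNS needs a network lookup and is left out here.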

  9. #9
    Registered Member
    Join Date
    Aug 2011
    Location
    Bangkok
    Posts
    17

    Default Re: cPanel Security

    Quote Originally Posted by Infopro View Post
    As far as I know, this is not from cPanel.

    I am quite concerned about this statement as I've received this email as well. It would be greatly appreciated if an official statement would be published. I've used cPanel's support twice over the last 6 months as far as I can recall; however, I've always changed the password once the operation has been completed. Also I've just seen to change the main root password about 1 week ago. Do I need to be worried now?

  10. #10
    Registered Member
    Join Date
    Nov 2004
    Posts
    44

    Default Re: cPanel Security

    Guys,

    Any updates?

  11. #11
    Registered Member
    Join Date
    Mar 2012
    Posts
    46
    cPanel/WHM Access Level

    Website Owner

    Default Re: cPanel Security

    We got this email too.

  12. #12
    Registered User
    Join Date
    Feb 2013
    Posts
    4
    cPanel/WHM Access Level

    Root Administrator

    Default Re: cPanel Security

    You missed all the fun:

    SSHD Rootkit Rolling around - Web Hosting Talk

    @Steven from WHT discovered a rootkit and during the research to find the entry vector cPanel sent that email. A lot of big and small companies were hacked. So, let's not flame cPanel.

    Yes. cPanel will learn from this. So should each one of us. Our root password or ssh private key is our business...

    The fact that cPanel was an entry point for the installation of the rootkit does not mean that other entry vectors did not exist. We've had quite a few vulnerabilities: Java, Flash.

    I love cPanel. And I will support cPanel. I registered today to express my support to everyone at cPanel. I owe a lot to cPanel.

    It's not perfect. But it's the best control panel.

  13. #13
    cPanel Product Evangelist Infopro's Avatar
    Join Date
    May 2003
    Location
    Pennsylvania
    Posts
    10,903
    cPanel/WHM Access Level

    Root Administrator

    Default Re: cPanel Security

    Greetings,

    Please accept my apologies for responding erroneously to this thread last evening. I was visiting the forums off shift and was not aware of the situation at hand other than the threads posted here, nor had I received the email myself, yet.

    The email that you and I have received is now confirmed, legitimate.

    As explained in that email, you need to update any of your servers' passwords provided to cPanel Technical Support via the ticket system in the past 6 months, right away. This situation is still being investigated; additional information aside from that is not available at this time.

    As soon as there is additional information available, a more formal announcement will be made available to all.


    Thank you.

  14. #14
    Registered Member
    Join Date
    Sep 2002
    Location
    Europe
    Posts
    285

    Default Re: cPanel Security

    It is a weird message and suspicious, as I don't see that cPanel posted such a warning anywhere on cpanel.net.

  15. #15
    cPanel Product Evangelist Infopro's Avatar
    Join Date
    May 2003
    Location
    Pennsylvania
    Posts
    10,903
    cPanel/WHM Access Level

    Root Administrator

    Default Re: cPanel Security

    Quote Originally Posted by dxer View Post
    It is a weird message and suspicious, as I don't see that cPanel posted such a warning anywhere on cpanel.net.

    There will be, as soon as there is proper information to share about this.
