Just got hit by iframe hack on 5 boxes

[gotroot]

Not sure how since we have iframe rules in mod_security but this just happened to us on 5 boxes hosting in 3 different DC's. Every index file on every box replaced.

What going on with this? Is there a v11 exploit? Must be. What a co incidence that all 5 boxes are hit in 3 different DC's. I understand 1 but 5?

Unbelievable.

[cPanelDavidG]

Not sure how since we have iframe rules in mod_security but this just happened to us on 5 boxes hosting in 3 different DC's. Every index file on every box replaced.

What going on with this? Is there a v11 exploit? Must be. What a co incidence that all 5 boxes are hit in 3 different DC's. I understand 1 but 5?

Unbelievable.

There is a very long discussion about this at: http://forums.cpanel.net/showthread.php?p=333644

We're unsure as to what precisely could be causing this and if it's even a cPanel-specific exploit (as there have been reports of this occurring on non-cPanel servers). If you or anyone else finds any evidence that it could be a cPanel security issue, please send relevant logs and commentary to security@cpanel.net

[kamyana]

Hi

one of my clients had a similar issue with iframe injection. I tried alot of different rules etc but of no vain. In the end, i just asked my client to remove a javascript from his index page and that solved the issue.

I am not sure but it seems its related to java scripts or something.

[rpmws]

Not sure how since we have iframe rules in mod_security but this just happened to us on 5 boxes hosting in 3 different DC's. Every index file on every box replaced.

What going on with this? Is there a v11 exploit? Must be. What a co incidence that all 5 boxes are hit in 3 different DC's. I understand 1 but 5?

Unbelievable.

is it possible that one of your resellers may be scattered with atleast one account on each of those boxes that are affected? do any of them have anything in common client wise?