Major Exploit

dfltech · 10-17-2006 03:11 PM

Originally Posted by Gilfil

I had a box exploited...

The user injected a ssh root code, changed my root password and replaced su by one of his own.

I had to go inside the box through the exploit to restore the control, and re-install some RPMs of affected files.

Do you have the root code? Can you paste it here? which RPMS were effected? Exactly how did he get the root access..

Can you provide us with more information on this..

Thanks.
Adam.

**markfrompf** · 10-23-2006 09:32 AM

<sarcasm>What? There are holes in cPanel?</sarcasm>

I'm happy to see that you guys get these problems fixed so quickly. My server runs UPCP every night, so I'm safe.

Keep up the good work and quick solutions!

**PbG** · 10-25-2006 08:41 PM

Please share your mod_security ruleset for blocking outgoing iframes?

Originally Posted by brianoz

And it would be useful data to know if you were using phpsuexec - were you?

Is it possible to use mod_security to block outgoing iframes? That would make this vulnerability a heck of a lot harder to exploit and might provide another way to knobble the exploit temporarily.

**PbG** · 10-25-2006 08:42 PM

... too funny ROFL!

Originally Posted by myusername

A security audit by its very name should be conducted "online," to look for holes in a sytem in a state where it is accessable to the public. If it is offline and they are performing a security audit, its proabably because someone broke into their basement or garage and stole their computer they were hosting your site on, hense, they are now conducting an audit on their windows and doors.

**brianoz** · 10-25-2006 09:44 PM

Originally Posted by PbG

Please share your mod_security ruleset for blocking outgoing iframes?

I wouldn if I could but I can't because I don't. Have the ruleset, that is; I was asking whether someone had one. Would be a great tool to put in, even temporarily, when this sort of thing is around.

**PbG** · 10-26-2006 01:26 AM

Host merit has some in his you can search for them. I wanted to compare yours with his/theirs.

Originally Posted by brianoz

I wouldn if I could but I can't because I don't. Have the ruleset, that is; I was asking whether someone had one. Would be a great tool to put in, even temporarily, when this sort of thing is around.

**markfrompf** · 11-24-2006 02:16 PM

The exploit isn't really the problem. The problem is how the exploit is allover online news channels, etc. so everybody knows!

I hate to say this, but maybe cPanel should just fix the exploits ASAP when they come out and just tell everyone "We've fixed a new exploit, please update cPanel" instead of telling the whole world about it and letting the hackers know how to recreate it!

**myusername** · 11-24-2006 02:31 PM

This is like 100 years old and they did fix it before the majority of the GP knew about it...

**mchase** · 11-24-2006 03:47 PM

Originally Posted by markfrompf

The exploit isn't really the problem. The problem is how the exploit is allover online news channels, etc. so everybody knows!

I hate to say this, but maybe cPanel should just fix the exploits ASAP when they come out and just tell everyone "We've fixed a new exploit, please update cPanel" instead of telling the whole world about it and letting the hackers know how to recreate it!

Yeah, you're right. It's not like the exploit caused TONS of problems for the company that originally found it .. wait. It did. The exploit IS the problem.

LinkBack

Thread Tools

Possible Exploit?

Major Major Problems

SSH exploit

ProFTP Exploit

proftpd exploit