  1. #46
    Member serversphere's Avatar
    Join Date
    Jan 2004
    Posts
    658

    Nick, can you give us version information for what is patched? I ran an update earlier on Current machines and now see there is another version listed (12 on there now, 13 new version). Do I need to get to 13 to be safe? And how about other trees? Thanks.

  2. #47
    cPanel Partner NOC DWHS.net's Avatar
    Join Date
    Jul 2002
    Location
    LA, Costa Rica
    Posts
    1,342

    Quote Originally Posted by cpanelnick
    We will be issuing a full security advisory on Monday. In the meantime, updating is the primary focus.

    Kind of off topic but I sure would like a script that would update all the servers with one click. I mean logging into hundreds of servers and waiting for upcp takes the extra time that could save a server from being hacked.

  3. #48
    Member
    Join Date
    Aug 2002
    Posts
    1,118

    I have no problems with not knowing what the security issue is/was. I completely understand that with security issues you have to keep them private until you can be assured that it is patched or at least the public that uses the product has been informed and had the chance to patch the system. I'm also assuming that the cPanel developers are checking other bits of the code that may be vulnerable to similar exploits and patching those as well.

    I was just asking for clarity as to whether or not upcp fixes this for all builds, since my release build does not appear to increment when I update. However, techark has informed me that this does indeed fix this release, and I have run upcp on all our servers, so I feel reasonably secure against this exploit.

  4. #49
    nat
    Member
    Join Date
    Jan 2003
    Posts
    210

    Quote Originally Posted by DWHS.net
    Kind of off topic but I sure would like a script that would update all the servers with one click. I mean logging into hundreds of servers and waiting for upcp takes the extra time that could save a server from being hacked.
    You could look into Secure CRT.

    With Secure CRT you can open up multiple SSH sessions by selecting all of the servers and clicking connect.

    You can then use the "Send chat to all tabs" feature of Secure CRT where you type in the command you want to send to ALL SSH sessions.

    1. Easily connect to all of your servers
    2. Type one command (/scripts/upcp --force)
    3. All servers are updated

    http://vandyke.com/
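
    A scripted alternative to broadcasting the command to open terminal tabs, as an added example that is not part of the original thread and not any poster's script: it runs /scripts/upcp --force on each host in a list over SSH, a batch at a time, and records which hosts failed. Key-based root SSH, the RUNNER override, the hosts-file format and the log layout are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: run the cPanel update on every host in a list over SSH.
# Assumptions: key-based root SSH to each host; RUNNER, the hosts-file
# format and the log layout are this sketch's own, not cPanel's.

UPCP_CMD='/scripts/upcp --force'   # the command given in the thread

# run_one HOST: update one host, keep its output, record success/failure.
run_one() {
    host=$1
    # BatchMode makes ssh fail instead of prompting; host-key checking is
    # left at its default, so an unknown or changed key counts as a failure.
    if ${RUNNER:-ssh -o BatchMode=yes -o ConnectTimeout=10} \
        "root@$host" "$UPCP_CMD" < /dev/null > "$LOG_DIR/$host.log" 2>&1
    then echo "$host" >> "$LOG_DIR/ok.list"
    else echo "$host" >> "$LOG_DIR/failed.list"
    fi
}

# update_fleet HOSTS_FILE LOG_DIR [MAX_JOBS]
# Returns 0 only if every host reported success.
update_fleet() {
    hosts_file=$1 LOG_DIR=$2 max_jobs=${3:-10}
    mkdir -p "$LOG_DIR" || return 2
    : > "$LOG_DIR/ok.list"
    : > "$LOG_DIR/failed.list"
    running=0
    while read -r host || [ -n "$host" ]; do
        case $host in ''|'#'*) continue ;; esac   # skip blanks and comments
        run_one "$host" &
        running=$((running + 1))
        if [ "$running" -ge "$max_jobs" ]; then
            wait            # let the current batch finish
            running=0
        fi
    done < "$hosts_file"
    wait
    [ ! -s "$LOG_DIR/failed.list" ]
}

# Stand-alone use: sh fleet-upcp.sh hosts.txt ./upcp-logs 20
if [ "$#" -ge 2 ]; then
    update_fleet "$@" || { echo "failed hosts:"; cat "$2/failed.list"; exit 1; }
fi
```

    Hosts listed in failed.list were not updated and still need attention; the per-host log next to it holds the ssh or upcp output for each one.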

  5. #50
    Member
    Join Date
    Mar 2002
    Posts
    175

    Quote Originally Posted by DWHS.net
    Kind of off topic but I sure would like a script that would update all the servers with one click. I mean logging into hundreds of servers and waiting for upcp takes the extra time that could save a server from being hacked.
    I'd say now is the time to procure a copy of SecureCRT. Set up all servers in it, right click in the whitespace at the bottom and choose "Send chat to all tabs". Then every command you issue goes to all the open servers (tabs).

    But my question is, I have all cPanel ports closed in the firewall. Is this preventing the exploit from being inserted, if it hasn't been already? And what file name can I search?

    I've also added a mod security rule

    SecUploadDir /tmp/A_folder
    SecUploadApproveScript /usr/local/apache/htdocs/viruscheck.pl
    SecUploadKeepFiles On

    So it puts any files into a folder; is this helping? Users are complaining nothing they upload through forms is working, so I know it's at least preventing it.
    Last edited by jsnape; 09-23-2006 at 09:01 PM.

  6. #51
    Member
    Join Date
    May 2002
    Posts
    292

    Quote Originally Posted by jsnape
    I'd say now is the time to procure a copy of SecureCRT. Set up all servers in it, right click in the whitespace at the bottom and choose "Send chat to all tabs". Then every command you issue goes to all the open servers (tabs).

    But my question is, I have all cPanel ports closed in the firewall. Is this preventing the exploit from being inserted, if it hasn't been already? And what file name can I search?
    Don't confuse the HostGator hack with this. The hack is a full root access hack; HostGator believes this is how their servers were compromised, and inserting that code was what their hacker did with it.

    With this hack they gain full root on the box and can do anything. So you are not looking for code; you are protecting your box from being rooted at the superuser level.

  7. #52
    Member brianoz's Avatar
    Join Date
    Mar 2004
    Location
    Melbourne, Australia
    Posts
    1,093
    cPanel/Enkompass Access Level

    Root Administrator

    Quote Originally Posted by webtiva
    Nick, can you give us version information for what is patched? I ran an update earlier on Current machines and now see there is another version listed (12 on there now, 13 new version). Do I need to get to 13 to be safe? And how about other trees? Thanks.
    I'd like to know this too, can you please confirm the versions that are secure so we can check that we're covered?

  8. #53
    Member
    Join Date
    Mar 2002
    Posts
    175

    That's more than I knew five minutes ago. Should they even be running? What is immediate protection, shutting the server off?

  9. #54
    Member brianoz's Avatar
    Join Date
    Mar 2004
    Location
    Melbourne, Australia
    Posts
    1,093
    cPanel/Enkompass Access Level

    Root Administrator

    Quote Originally Posted by techark
    Don't confuse the HostGator hack with this. The hack is a full root access hack; HostGator believes this is how their servers were compromised, and inserting that code was what their hacker did with it.
    The question is, though, does blocking the cPanel ports prevent insecure boxes from being rooted? If so, it's a good emergency measure to protect boxes until they're upgraded - better than shutting down cPanel and Apache (although perhaps just shutting down cPanel might be a solution if it doesn't terminate other essential services).

  10. #55
    Member
    Join Date
    Mar 2002
    Posts
    175

    I already updated, but cPanel Inc. seems to be reluctant to say if it is actually patched. Shutting down cPanel shuts off mail, but blocking 2082 - 2095 doesn't stop SMTP and POP3.

  11. #56
    Member
    Join Date
    May 2002
    Posts
    292

    /scripts/upcp is the answer, guys, and this is a local exploit, so it has to be someone with hosting account access to run it.

    Shutting down Apache or other services does not do anything.

    It only takes a minute to update.

    No, blocking ports will do no good; it takes less time to type /scripts/upcp anyway than to block the ports on boxes.
    Last edited by techark; 09-23-2006 at 09:17 PM.

  12. #57
    Member
    Join Date
    Sep 2003
    Location
    UK, Luton
    Posts
    197

    Quote Originally Posted by techark
    It only takes a minute to update.
    Not everyone has just one box to do!

    Here I am at 2.16AM on a Sunday morning updating our boxes.
    Regards,
    James Smith
    UH Hosting Ltd

  13. #58
    Member
    Join Date
    May 2002
    Posts
    292

    Quote Originally Posted by JamesSmith
    Not everyone has just one box to do!

    Here I am at 2.16AM on a Sunday morning updating our boxes.
    I suggest you do as others have and get a copy of SecureCRT so you can do multiple servers at once.

    Personally I have a private script set up for ours and we updated over a hundred boxes this morning in 28 minutes.

  14. #59
    Member
    Join Date
    Sep 2003
    Location
    UK, Luton
    Posts
    197

    Quote Originally Posted by techark
    I suggest you do as others have and get a copy of SecureCRT so you can do multiple servers at once.

    Personally I have a private script set up for ours and we updated over a hundred boxes this morning in 28 minutes.
    I've never had to do more than 1 or 2 together, so perhaps now I will make sure I have the ability to do multiple.
    Regards,
    James Smith
    UH Hosting Ltd

  15. #60
    Member
    Join Date
    Jun 2004
    Location
    Jonesboro, AR
    Posts
    15

    Quote Originally Posted by JamesSmith
    Not everyone has just one box to do!

    Here I am at 2.16AM on a Sunday morning updating our boxes.
    Ah, the life of a sysadmin. They should provide us with free lifetime supplies of coffee.
    Michael Chase
    Clear-Data Internet Services - Inexpensive website, reseller, and game server hosting.
