The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

--- ALERT: Open whole for hackers in CPanel ---

Discussion in 'General Discussion' started by DianaL, Feb 27, 2003.

  1. DianaL

    DianaL Active Member

    Joined:
    Sep 9, 2002
    Messages:
    30
    Likes Received:
    0
    Trophy Points:
    6
    There is a whole in Cpanel that allows hacker to take FULL CONTROL over ANY account on your server.
    More still to come, I'am checking this with few ISP's.

    WHY DIDN'T ANYONE FROM CPANEL TOLD US ABOUT THIS ???
    There is a BIG - HUGE security whole in Cpanel and no one didn't say anything about it ??
    come on CPanel support where are you ??
     
  2. DianaL

    DianaL Active Member

    Joined:
    Sep 9, 2002
    Messages:
    30
    Likes Received:
    0
    Trophy Points:
    6
    I'am asking CPanel support I need to know is this bug fixed 100% in new CPanel 6, as stated "maybe" is not good for me, I need to know for A FACT is version 6 completey off this security risk ?
     
  3. Annette

    Annette Well-Known Member
    PartnerNOC

    Joined:
    Aug 12, 2001
    Messages:
    445
    Likes Received:
    0
    Trophy Points:
    16
    What hole would that be? There's no shortage of people who take delight in pointing out security issues with cPanel and then point to something else as being superior, despite the fact that there are holes to be found in everything. There are also indications in WHM news about issues that crop up with something in cPanel and their resolutions, even if they don't always check their spelling first:

    "All traces of openwebmail have been elimiated as it has multiple secuirty issues."
    "Fix a large secuirty hole in guestbook.cgi"

    Much better than our old Alabanza days where we reported bugs and then waited...and waited...and waited....
     
  4. iisnet

    iisnet Active Member

    Joined:
    Oct 6, 2002
    Messages:
    35
    Likes Received:
    0
    Trophy Points:
    6
    btw..it's spelt H-O-L-E. :)
     
  5. SoftmegUK

    SoftmegUK Well-Known Member

    Joined:
    Feb 13, 2002
    Messages:
    372
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    UK
    lol would you mind tellings us all what this huge hole is then?
     
  6. Website Rob

    Website Rob Well-Known Member

    Joined:
    Mar 23, 2002
    Messages:
    1,506
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    Alberta, Canada
    cPanel Access Level:
    Root Administrator
    I wonder if the whole "hole" security thing is about the HOT bug, common with so many systems. It's a known fact that it works on "any" operating system in any Country at any time of the day. The HOT bug has been around as long as there have been Computers, the possibility of eliminating it seems to be about NIL!

    Hackers, Crackers, and Whackers have long known about the HOT bug and it seems only now, most IT depts. are cluing in to it.

    Mwwwhahaha...
    Be afraid, be very afraid.
     
  7. Website Rob

    Website Rob Well-Known Member

    Joined:
    Mar 23, 2002
    Messages:
    1,506
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    Alberta, Canada
    cPanel Access Level:
    Root Administrator
    Whoops... got you all excited and forgot to specifiy what the HOT bug is.

    It's a Human On Telephone of course. :D
     
  8. dgbaker

    dgbaker Well-Known Member
    PartnerNOC

    Joined:
    Sep 20, 2002
    Messages:
    2,578
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Toronto, Ontario Canada
    cPanel Access Level:
    DataCenter Provider

    Sweet!!! I like that one...:D
     
  9. shaun

    shaun Well-Known Member

    Joined:
    Nov 9, 2001
    Messages:
    698
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    San Clemente, Ca
    This is a semi-old problem, A security group found the vuln and i was subscribed to it. I tested both holes. The guestbook vuln was true, and the openwebmail one was not. Openwebmail was still removed because it's not used. I informed nick of these the "hole" right away and he fixed them. I think he actually might have had the guestbook hole fixed before. anyway, upgrading to build 6.0.x fix's the problems.
     
  10. LS_Drew

    LS_Drew Well-Known Member

    Joined:
    Feb 20, 2003
    Messages:
    187
    Likes Received:
    0
    Trophy Points:
    16
    Quit being a dumbass. Fixing it involved changing a couple of permissions...
     
  11. norm

    norm Well-Known Member

    Joined:
    Apr 23, 2002
    Messages:
    53
    Likes Received:
    0
    Trophy Points:
    6
    What is this hole you are talking about? Care to be a bit more specific?

    Is it the guestbook which was already patched?

    Inquiring minds would like to know ;)
     
  12. MikeMc

    MikeMc Well-Known Member

    Joined:
    May 8, 2002
    Messages:
    161
    Likes Received:
    0
    Trophy Points:
    16
    oh...nevermind..post edited
     
Loading...

Share This Page