Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Alerta De Seguridad

Discussion in 'Discusión en Español' started by Hispalab, Jan 26, 2008.

  1. Hispalab

    Hispalab Well-Known Member

    Apr 17, 2003
    Likes Received:
    Trophy Points:
    Madrid -Spain
    He recibido esta alerta y no la he visto destacada en el foro así que he decidido destacarla yo. No debe ser ignorada porque es muy grave el asunto.
    (No afecta solo a los sistemas con cpanel instalado puesto que hay muchos otros sistemas de panel de control afectados).

    El tema se está tratando aquí

    cPanel announced today that it’s security team has identified several
    key components of a hack known as the Random JavaScript Toolkit. The
    systems affected by this hack appear to be Linux® based and are running
    a number of different hosting platforms. While this compromise is not
    believed to be specific to systems running cPanel® software, cPanel has
    worked with a number of hosting providers and server owners to
    investigate this compromise.

    The cPanel Security Team has recognized that the vast majority of
    affected systems are initially accessed using SSH with no indications of
    brute force or exploitation of the underlying service. Despite
    non-trivial passwords, intermediary users and nonstandard ports, the
    attacker is able to gain access to the affected servers with no password
    failures. The cPanel security team also recognized that a majority of
    the affected servers come from a single undisclosed data-center. All
    affected systems have passwordbased authentication enabled. Based upon
    these findings, the cPanel security team believes that the attacker has
    gained access to a database of root login credentials for a large group
    of Linux servers. Once an attacker manually gains access to a system
    they can then perform various tasks. The hacker can download, compile,
    and execute a log cleaning script in order to hide their tracks. They
    also can download a customized root-kit based off of Boxer version 0.99
    beta 3. Finally, the attacker searches for files containing credit card
    related phrases such as cvc, cvv, and authorize.

    The actual root-kit has been the subject of much speculation. The cPanel
    security team asserts that the Boxer variant includes a small web-server
    which is how the Javascript is distributed to unsuspecting users of any
    website on the server. It is believed that the Javascript include is
    injected into the HTML code after Apache® has served the file but before
    it has traveled through the TCP transport back to the user of the
    website. The web-server is not loaded onto the hard drive directly but
    loaded directly into memory from the infected Boxer binaries. More
    information about the infected binaries can be found at:

    The JavaScript being loaded by this web-server is directing users to
    another server that scans the website user for a number of known
    vulnerabilities. These vulnerabilities are then used to add the website
    user to a bot net. More information about the JavaScript hacks can be
    found at:

    Cleaning the Random JavaScript Toolkit requires the server to be booted
    into single user mode and the removal of all infected binaries. More
    details on how to do this can be found at:

    The cPanel security team believes that the hacker has access to the
    database of login credentials, the only way to prevent being hacked
    again is changing the password and not releasing it to anyone. The
    preferred method however is to move to SSH Keys and remove password
    authentication altogether.

    Other Press

    This compromise has been in the media lately and discussions can be
    found at
    the following locations:,141358-c,techindustrytrends/article.html
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. activa

    activa Well-Known Member

    May 23, 2006
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    Root Administrator

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice