Cpanel DEMO from ROOT Security Hole

Discussion in 'Security' started by totalprocessing, Jun 24, 2005.

  1. totalprocessing

    totalprocessing, Registered. Joined: Mar 15, 2005. Messages: 3. Likes Received: 0. Trophy Points: 151. Location: Pensacola, FL
    Hi,

    I had the demo set up for visitors. Somebody managed to use the demo account to access the mail server and phish, spoofing PayPal emails. This was a major security breach and the data center requested a shutdown before I even knew anything was going on.

    I have read on HostGator's forum that they have shut down all the demo accounts of their clients as well for similar reasons. Demo accounts get hacked often, I guess.

    What is cPanel doing to address this security flaw? What exactly is the flaw? All I know is GNAX said shut it down because somebody was phishing by spoofing PayPal.

    Thanks
    Todd
     
  2. drupal

    drupal, Active Member. Joined: Jun 23, 2005. Messages: 29. Likes Received: 0. Trophy Points: 151. Location: Not here, but there.
    Thought I saw somewhere on here that does demos. Demos are bad; they just ask for trouble.
     
  3. chirpy

    chirpy, Well-Known Member. Joined: Jun 15, 2002. Messages: 13,460. Likes Received: 21. Trophy Points: 463. Location: Go on, have a guess
    Indeed, try searching regarding the demo account. If they've gained root, then you most likely have a root compromise in your OS, not cPanel. If you believe that you've found something new after searching the forums and bugzilla, then you should contact security@cpanel.net with your findings.

    If you don't want to risk your server when running the demo account - which will always be a risk, considering you're allowing anybody free rein on an essential part of your server configuration - you can always use a third-party service such as:
    http://www.cpaneldemos.com
     