The Community Forums


Cpanel DEMO from ROOT Security Hole

Discussion in 'Security' started by totalprocessing, Jun 24, 2005.

  1. totalprocessing

    Hi,

    I had the demo set up for visitors. Somebody managed to use the demo account to access the mail server and phish, spoofing PayPal emails. This was a major security breach and the data center requested a shutdown before I even knew anything was going on.

    I have read on HostGator's forum that they have shut down all the demo accounts of their clients as well for similar reasons. Demo accounts get hacked often, I guess.

    What is cPanel doing to address this security flaw? What exactly is the flaw? All I know is GNAX said shut it down because somebody was phishing by spoofing PayPal.

    Thanks
    Todd
     
  2. drupal

    Thought I saw somewhere on here that does demos. Demos are bad; they just ask for trouble.
     
  3. chirpy

    Indeed, try searching regarding the demo account. If they've gained root, then you most likely have a root compromise in your OS, not cPanel. If you believe that you've found something new after searching the forums and Bugzilla, then you should contact security@cpanel.net with your findings.

    If you don't want to risk your server when running the demo account - which will always be a risk considering you're allowing anybody free rein on an essential part of your server configuration - you can always use a third-party service such as:
    http://www.cpaneldemos.com
     