Cpanel Hack? Bypassing limits

lagoth · Sep 30, 2006

It seems i have discovered that users are able to bypass addon domain/ subdomain limits. by removing the subfolders that are created and replacing them with linked dirs. it appears to be on freebsd and dissappear after nightly runs. I have one user that now has way more addons then he is supposed to... Can anyone verify this is the cause?

webignition · Sep 30, 2006

lagoth said:
... by removing the subfolders that are created and replacing them with linked dirs ...

What do you mean by 'linked dirs'?

katmai · Oct 2, 2006

soft links maybe, but this can only be done by users who have shell access as far as i know ...

lagoth · Oct 6, 2006

for example

user: ttest
domain tttest.com
can "addon" domains

he adds yahoo.com

that creates a subdirectory /yahoo

he removes
rm -rf yahoo

and does this from his public_html folder
ln -s ./ yahoo/

bingo he can now addon more domains!

chirpy · Oct 7, 2006

If it is a reproducable bug then you should log it as a bug in bugzilla so that cPanel is aware of the issue if you haven't done so already.

Thread starter	Similar threads	Forum	Replies	Date
A	My Cpanel hacked?	General Discussion	2	Mar 7, 2010
D	my cpanel was hacked	General Discussion	2	Jan 27, 2010
M	CPanel hacked	General Discussion	5	May 18, 2009
L	cPanel forwarder hack	General Discussion	3	Nov 20, 2008
J	cPanel_magic_revision --> Looks like the hackers found something new to attack?	General Discussion	3	Jul 15, 2008

Search

Search

Cpanel Hack? Bypassing limits

lagoth

Member

webignition

Well-Known Member

katmai

Well-Known Member

lagoth

Member

chirpy

Well-Known Member