Cpanel hacked last week, want some credit

I agree. You deserve credit for a good job!!

 

Unfortunately there is little hope of you getting any compensation. This forum is not the best place to request it either, as you can see by the replies so far.

I am pretty sure cPanel will have their terms and conditions sewn up to prevent the need to compensate everytime a bug appears. They'd be bankrupt by now if they didn't!

Try a support ticket instead. I already know the answer though.

 

You think cPanel is expensive??? That's too funny. I deal with software that costs $75K a year for some things and more. cPanel pricing in my opinion is a steal.

 

This has gone off topic now, but....

cPanel may be a steal to someone dealing with software costing $75K/yr. But to someone on a shoestring budget that will not be the case. It's not nice being elitist.

 

Your right and I appologize for it coming off as such.

 

What are you running a business on a 'shoe-string budget' for?

What hole?

 

Not all software is ever 100% secure. It's your responsibility as a server admin to keep up to date with the security focus on your server. If you in fact check these forums you would have seen the bug posted, and how to fix it pretty close to when it came out, and you wouldn't have been infected.

I even posted the report/fix on many other forums to help people out, and saved tons of people from getting infected, but since you probably don't read those either you still got infected.

Unless you have a 100% managed server you still have to read security related topics almost daily or you WILL sometime sooner or later (sooner apparently for you) get bit by a 'hacker'.

That's my take on it atleast.

 

Ya...Look at Windows. I agree with Todd here. There is alot less security *NIX updates compared with Bill Gates software.

Will Bill Gates credit you if your software is corrupted....I don`t think so.

 

Y'know... I don't want this to get into an OS debate, but I couldn't let that last comment pass...

Since the beginning of the year, I've had to install TEN (yes, 10) security/bug updates from Redhat. And from Microsoft? Only 3!!!

(don't even try to compare FreeBSD which has had over 600 "serious" bug reports since the beginning of the year, most of which are still unpatched).

Since CPanel is somewhat of an Operating System on top of an Operating System, I think its important to note that the sheer amount of continual improvements, released as they're finished rather than bundled for less regular updates, is a remarkable accomplishment.

While I think we would all like to see a bit broader beta testing prior to CPanel declaring a version as "stable", my suggestion to Emeric and those of you who feel the same, wait to install each "stable" version until a few days after its released. (On this thought, it would be nice if CPanel made kept the last couple of stable builds available to be installed via WHM, for those who aren't moving along quite as quickly as the rest).

 

My point being is not about a OS or current security upgrades, but if a OS either *NIX, or Windows was out of date, do you think you would be credited for a hack?

Show me someone that has received credit from $MS for being hacked?

 

I agree with you on that point, which is why I didn't include your last line in my quote.

I was just commenting on what I took to be your implied superiority of *NIX. If I was wrong, then no worries.

(But, just for the record, Microsoft recently released Small Business Server 2003 with a bug that caused problems with SharePoint. They made amends to everyone who had purchased the product by doubling the included client access licenses from 5 to 10.)

 

Are updates not a good thing then...

Just because you have only had 3 updates from MS does not make this a superior product either.

Each one has it advantages and disadvantages.

I personally have had more updates on my home windows system this year than on my RH systems so I think it comes down to what setup you have and what product you are using.

The other thing to consider is that RH release alot of fixes for all the software on a RH system, where MS only release fixes for MS products on a system.

Just my 2p's worth and as I said this was not to start a OS war but just a valid reply to jeffbkane's post.

 

Who said he was running a business?

 

As someone else said:
It's YOUR responsibility to administrate your server, NOT the responsibility of CPanel or any other control panel, or server "tool". YES, CPanel makes your life easier as an admin, however it does NOT and WILL NOT do the job for you.

As a server admin, you need to keep up to date on the latest updates and bugs from CPanel and any other software you have running in your system, and if necessary take action to prevent from being hacked. I'm sorry, but the "I want credit from CPanel" cry won't get very far here. You want credit for what? Not doing YOUR job?

If you have a linux system, it's almost a full time job keeping on track of things, but it CAN be done. I'd advise you find a systems admin. Nobody can keep you 100% hack free (the only way to do this is to unplug the eth0 cord), but a decent systems admin can at least keep you sane and decently checked and let you know if problems arise.

 

shutdown -h now

is an even better way :D

 

Cpanel aint a car, and this aint a highway, pretty simple there.

And this is Cpanel's fault HOW? C'mon now. Had you provided the basic security essentials, you wouldn't find your server being hacked.

Better yet, you KNOW that the server was hacked 10 minutes later HOW? Seems quite a bit fishy to me.

Blaming CPanel for your own screwups isn't acceptable. If you properly secure a server, it's going to stand less chance of getting hacked. If you keep up2date with all of the software updates, update your kernel, keep your configs up and running, secure your /tmp directory, don't allow logins, keep your passwords secured and up 2 date, then you'll have few (if any) problems.

It's not CPanel's fault that your server got hacked, it's your own, for not ensuring that your server was not secured. Quit trying to blame someone else for your poor judgement.

 

Where have you been if you only have had to update 3 patches... there has been like 10 vulnerablities. I work for a security agency all we do is scan computers for vulnerablities. What you should do is get smart and block all connections to the server until its patched.

 

I get out, call a wrecker and go find a new car. If it were a hacker that blew up my engine I blame him, not the gas company who just happens to use the same hole to fill the tank. Good idea might be to lock your doors and a better idea would be to watch things 24/7 so your car doesn't blow up. If it keeps hapening ..just leave it in the driveway and take off the wheels and weld the doors shut so it can't be stolen or hurt anyone else.