The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

!cPanel Security Issues!

Discussion in 'Security' started by Helios, Aug 21, 2003.

  1. Helios

    Helios Registered

    Joined:
    Aug 20, 2003
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    My Web site got hacked by BloodBR, a group that defaces Web sites. You can see a catalog of their work at www.zone-h.org (zone-h.org claims to be an Internet security site, but they only encourage site defacers by posting their conquests for all to see). I checked six or seven of the other sites hacked by BloodBR, and every single one was running cPanel. My site, as far as I had control over it, was totally secure. Nothing with sensitive information in it was CHMODed beyond the normal level of security. There were no passwords stored in files that used them. I used MD5 to mask passwords, even when they weren't being passed through scripts by a URL. The only program on my Web site that I do not have control over is cPanel, and the only program that could have allowed the hackers to gain as much control as they did over my host's server was cPanel.

    cPanel.net Support Ticket Number:
     
  2. dgbaker

    dgbaker Well-Known Member
    PartnerNOC

    Joined:
    Sep 20, 2002
    Messages:
    2,578
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Toronto, Ontario Canada
    cPanel Access Level:
    DataCenter Provider
    Did you have a demo site set up?

    cPanel.net Support Ticket Number:
     
  3. Helios

    Helios Registered

    Joined:
    Aug 20, 2003
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    No, nothing like that. The only way to legitimately gain access to a cPanel account on my host's server was to be a paying customer.

    cPanel.net Support Ticket Number:
     
  4. ThunderHostingDotCom

    ThunderHostingDotCom Well-Known Member

    Joined:
    Nov 18, 2002
    Messages:
    450
    Likes Received:
    1
    Trophy Points:
    16
    Location:
    All over!
    I emailed an Investigator at the New York State Police's Computer Crime Unit about the web site you listed. They are swamped but who knows they might be able to have them shut down.

    cPanel.net Support Ticket Number:
     
  5. tAzMaNiAc

    tAzMaNiAc Well-Known Member

    Joined:
    Feb 16, 2003
    Messages:
    559
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Sachse, TX
    A couple of those domains did not use cPanel, so it is more likely it is not a cPanel issue. But, it could be.

    If you got hacked, do you even know what happened or how they got in?

    Blaming cPanel isn't the thing to do here. It could be an exploit we don't know about, since..

    1) cPanel is just a software that helps us manage.

    2) There are a LOT of different programs that go into making all of this work.

    I would think it's paramount to yelling fire in a theater without finding if it's fire first. Go investigate and bring the results then scream. Not before!

    Brenden

    cPanel.net Support Ticket Number:
     
  6. anand

    anand Well-Known Member

    Joined:
    Nov 11, 2002
    Messages:
    1,435
    Likes Received:
    1
    Trophy Points:
    38
    Location:
    India
    cPanel Access Level:
    DataCenter Provider
    try your system logs etc, if they are still there. dig our information and then place it here for proof, only then any solution can be derived.

    cPanel.net Support Ticket Number:
     
  7. Curious Too

    Curious Too Well-Known Member

    Joined:
    Aug 31, 2001
    Messages:
    427
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    Not true. I have had hackers get in through users sites, most often a php site that was poorly coded. I have also had them get in through old versions of Gallery, pMachine and GrayMatter. Also, is your kernel up to date? Did you read the access, error and message logs? How much investigating did you do before deciding it must be cPanel's fault?

    cPanel.net Support Ticket Number:
     
  8. DHL

    DHL Well-Known Member

    Joined:
    Mar 8, 2002
    Messages:
    88
    Likes Received:
    0
    Trophy Points:
    6
    Do yourself a favour and block these IP's , its a good start:

    200.226.128/17

    cPanel.net Support Ticket Number:
     
  9. Tim Greer

    Tim Greer Well-Known Member

    Joined:
    Aug 11, 2002
    Messages:
    62
    Likes Received:
    0
    Trophy Points:
    6
    Unless you allowed some of us to review the server security, we can not assume that it had anything to do with Cpanel.

    cPanel.net Support Ticket Number:
     
Loading...

Share This Page