Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Cpanel Security Problem

Discussion in 'Security' started by teddymills, Aug 8, 2005.

  1. teddymills

    teddymills Member

    Jul 25, 2005
    Likes Received:
    Trophy Points:

    I have a Cpanel 9.x and all the updates.
    However someone(s) has installed a SSH-SCAN in /tmp.

    This progam then do a pile of SSH-SCANs on other computers and networks from MY server!

    Not only that, but there are 2 virus's in these binaries!
    Linux RST.B and Linux Backegmm.

    Now my question to you cpanel experts out there is.
    What is my best course of action to take to get this corrected ASAP!!
    This is a commercial server, so I cannot afford to wait it out.

    Thanks in advance.


    Is it me, or is CPANEL not exactly the most secure system?
    In fact it seems to be a prime hackers target.
    To get CPANEL serverrs properly secured, do I have to start doing a lot of customizing?


  2. Blue|Fusion

    Blue|Fusion Well-Known Member

    Sep 12, 2004
    Likes Received:
    Trophy Points:
    Cleveland, Ohio
    Remount /tmp and /var/tmp with noexec,nosuid,nodev options. Remove the file. And update cPanel to the latest version (cPanel 10 is latest now, not 9).
  3. dgbaker

    dgbaker Well-Known Member

    Sep 20, 2002
    Likes Received:
    Trophy Points:
    Toronto, Ontario Canada
    cPanel Access Level:
    DataCenter Provider
    Also server security is generally outside the realm of cPanel. cPanel is not a security software and should not be thought as one. As with any server (ms or *nix based) you need to do server security for it yourself. That said there are many companies around that can do that for you aa a fair price. See the Ads & Offers area for some sites.

    Another note, do not scrimp on cost when it comes to server security, once you get it done right the first time, it is easier to maintain and keep updated. From the sounds of your situation you need to get that server checked out quickly. If the server has been compromised severely enough, you may have to reload the OS.
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #3 dgbaker, Aug 8, 2005
    Last edited: Aug 8, 2005

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice