cPanelNick

Administrator
Staff member
All machines that are prone to the resetpass exploit will get a critical update request, and will update regardless of their update settings. This will only affect machines that are prone to this exploit.

If you don't want this to happen, chmod 0 /scripts/upcp

We are sorry for any inconvenience this may cause.

This update is scheduled for after 3pm EST today
 

erwinfa

Well-Known Member
So, has the latest stable version, 9.1.0-STABLE_53, fixed this problem?
 

dhabets

Well-Known Member
Originally posted by bdraco
All machines that are prone to the resetpass exploit will get a critical update request, and will update regardless of their update settings. This will only affect machines that are prone to this exploit.

If you don't want this to happen, chmod 0 /scripts/upcp

We are sorry for any inconvenience this may cause.

This update is scheduled for after 3pm EST today
ehm, it seemed to have happened at 12 today on all my machines which are set to MANUAL.

Also, I don't read this forum every day and when I set things to "MANUAL" it means MANUAL.

This is just ridiculous and yes, I'm quite p.o. 'cos I just had 15 machines to take care of because of faulty cpanel upgrades.

Can you confirm or deny that the upgrades took place at 12 and not 3? and that's EST!

Great communication btw...
 

takeover

Member
I'm stuck with a half install; the server died after I tried to install this very important update. Hopefully I get my ticket replied to soon; some things are pretty broken.
 

dhabets

Well-Known Member
well, I've had my coffee and calmed down a bit, but I really think the way this was done was not well thought out (dare I say stupid?).

I'm sorry, but this did more harm to cpanel's reputation than good. I understand the thought behind it, but still, NOBODY should do unasked for upgrades. That's pretty much like trespassing... simply don't do it (when I have not had my coffee :D)
 

gemby

Well-Known Member
PartnerNOC
Guys, consider yourselves very lucky that you did not go through a hacked-server situation. I was lucky and upgraded all machines in time, but my friend did not!
######################
Checking `login'... INFECTED
Checking `pstree'... INFECTED
Searching for t0rn's v8 defaults... Possible t0rn v8 \(or variation\) rootkit installed
Searching for Showtee... Warning: Possible Showtee Rootkit installed
Checking `bindshell'... INFECTED (PORTS: 465)
Checking `lkm'... You have 3 process hidden for ps command
Warning: Possible LKM Trojan installed
######################

One hour after the exploit was found!

We replaced all files with the correct ones, reinstalled all RPMs after that, and chkrootkit is no longer complaining.


So please do not talk about what they should and what they shouldn't do. They probably saved your ass; yep, you probably had to upcp once again, right? So, what's the big deal?
 

nickn

Well-Known Member
PartnerNOC
Re: Re: Critical Update Notice

Originally posted by dhabets
ehm, it seemed to have happened at 12 today on all my machines which are set to MANUAL.

Also, I don't read this forum every day and when I set things to "MANUAL" it means MANUAL.

This is just ridiculous and yes, I'm quite p.o. 'cos I just had 15 machines to take care of because of faulty cpanel upgrades.

Can you confirm or deny that the upgrades took place at 12 and not 3? and that's EST!

Great communication btw...
I'm quite certain the update took place probably around 3; it was later than midnight for sure. (EST)

You don't read the forums, you don't read WHM either? All you had to do was patch yourself, and you wouldn't have been patched.

The machines already patched/upgraded didn't receive the updates.
 

Big Gorilla

Active Member
Originally posted by xsenses
Does this also fix the hole the same guy posted to Bugtraq today?
It seemed to. I was able to reproduce the bugtraq hole before the update. After, it appears to be plugged.
 

thedavid

Well-Known Member
Originally posted by xsenses
Does this also fix the hole the same guy posted to Bugtraq today?
It appears to. I wasn't able to work the compromise, anyway.

-David
 

mainarea

Active Member
Nick - I don't like you guys doing this kind of stuff at all - I have to come back to a broken box after your automatic update? I didn't have the exploit anymore, but I wondered why my box mysteriously started updating... This is just a little frustrating for me.

- Matt
 

thedavid

Well-Known Member
Last I heard, the update was done *through* the exploit. So you might've not been patched at all if it auto-updated.

Just a thought.
 

TAWHosting

Member
Originally posted by gemby
Guys, consider yourselves very lucky that you did not go through a hacked-server situation. I was lucky and upgraded all machines in time, but my friend did not!
######################
Checking `login'... INFECTED
Checking `pstree'... INFECTED
Searching for t0rn's v8 defaults... Possible t0rn v8 \(or variation\) rootkit installed
Searching for Showtee... Warning: Possible Showtee Rootkit installed
Checking `bindshell'... INFECTED (PORTS: 465)
Checking `lkm'... You have 3 process hidden for ps command
Warning: Possible LKM Trojan installed
######################

One hour after the exploit was found!

We replaced all files with the correct ones, reinstalled all RPMs after that, and chkrootkit is no longer complaining.


So please do not talk about what they should and what they shouldn't do. They probably saved your ass; yep, you probably had to upcp once again, right? So, what's the big deal?
3 of my servers today were hacked using this exploit within 30 minutes of each other. cPanel, you have A LOT to answer for!
 

rs-freddo

Well-Known Member
Nick, I have to agree
MANUAL IS MANUAL
Luckily for me my cPanel wasn't updated. I have it set to manual because that's what I want. I had already disabled the password feature, so didn't need an upgrade.

If there are urgent security notices, they should be in WHM news. People who don't log in to WHM daily need to set their upgrades to automatic.

I hope this idea of automatic upgrades, even for MANUAL, does not happen again.
 

LS_Drew

Well-Known Member
I just want to say to Nick that I really do think you did the right thing today to try and rectify the situation. If you had explained that those of us who already patched would be unaffected by the upgrade, I'd have been with ya from the start.

It's a shame that this had to happen in the first place, but your handling of the problem was, IMHO, first rate and saved MANY folks who didn't know any better and would have been hacked to pieces.
 