Yeah - I have to agree. Saved alot of damage. Just think how many folks haven't even caught wind of anything yet...Originally posted by LS_Drew
I just want to say to Nick that I really do think you did the right thing today to try and rectify the situation. If you had explained that those of us who already patched would be unaffected by the upgrade, I'd have been with ya from the start.
It's a shame that this had to happen in the first place, but your handling of the problem was, IMHO, first rate and saved MANY folks who didn't know any better and would have been hacked to pieces.
My Port 2082 is firewalled, so i tried it on port 2083 - no go. Must have correct user and password.
Its all part of the same problem. The patch should take care of it.Originally posted by LS_Drew
Are we gonna have to go through this all over again?
What about those who have "email password" off and haven't upgraded?Originally posted by bdraco
Its all part of the same problem. The patch should take care of it.
The patch from earlier today does fix the problem since its all the same module that is affected.Originally posted by rs-freddo
What about those who have "email password" off and haven't upgraded?
mydomain has a point - "should" or "will"????
If you don't know any better, then your servers should be set to allow automatic security updates. If you set your servers to manual then updates should not occur. It really is not that hard a concept to grasp.Originally posted by LS_Drew
your handling of the problem was, IMHO, first rate and saved MANY folks who didn't know any better and would have been hacked to pieces.
What type of Cpanel build do you run on your servers with Automatic Update then?Originally posted by SarcNBit
If you don't know any better, then your servers should be set to allow automatic security updates. If you set your servers to manual then updates should not occur. It really is not that hard a concept to grasp.
I applaud cPanel for responding to this threat so quickly. I know it had to have been a busy day for everyone involved with all of the support requests. The way the updates were pushed out however needs to be re-evaluated.
I think most people didn't know the update exploited the hole and therefore was directly targetted at exploitable servers. I certainly didn't until you pointed it out.Originally posted by LS_Drew
'If' 'should' yada yada, all that is irrelevant. People SHOULD do lots of things. But they don't. It's no different here.
The way the updates were delivered, IMHO, was brilliant. Set a script to exploit the hole, using the exploit to patch the system. That way, if the patching was taken already care or the box just wasn't vulnerable, nothing was done. How can it get any better than that? The people that did what they were supposed to do got no frantic calls today. The rest may have had an update fail. C'est la vie.
the only safe way to remove t0rn is a full OS restore, dont compromise yours or your clients data by doing a half arsed job.Originally posted by thechronic
I've been infected with tornkit8 too. I found a thread on WHM on how to remove it: http://www.webhostingtalk.com/showthread.php?s=&threadid=247298
Hope that helps!!
|Thread starter||Similar threads||Forum||Replies||Date|
|Manage Teams Update||cPanel Announcements||0|
|EasyApache January 19 Security Update||cPanel Announcements||0|
|UPDATE EasyApache September 29 Release||cPanel Announcements||0|
|CloudLinux 7 and CentOS 7 End of Life Update||cPanel Announcements||35|
|CloudLinux 6 End of Life Update||cPanel Announcements||0|