New Exploit In Cpanel - Read Asap! - Servers Hackable

I am the first to post about this new form of getting into a box. Just to think, if you have a RedHat box with a default file system like DedicatedNow, then your box is as good as toasted. Your box can have /tmp noexec,nosuid,nodev,nouser! You're still gone.

/dev/shm. Shared Memory. Unfortunately, by default it has 'defaults' settings, which allow files to be run.

To fix this, type:

    pico /etc/fstab

In the /dev/shm line, change 'defaults' to 'noexec,nosuid' without the quotes. Hit CTRL + X, and y to save as /etc/fstab, and enter. Now, umount /dev/shm. After, mount /dev/shm. Your shm is now secure.

Unfortunately, many PHP scripts are poorly written and are insecure. Check all domlogs for wget, possibly with this command:

    for files in /usr/local/apache/domlogs/*; do grep "wget" "$files"; done

This will check for wget in any files, and help identify which insecure files lead to what.

I also suggest a process killer such as WatchDog from http://www.webhosting-tools.com. Lane Vance owns the site and is a very good programmer. Watchdog is a CGI script that runs in the background and can also kill files run by nobody for an amount of time or CPU you choose. This will help kill perl scripts executed by /usr/bin/perl in /tmp or /dev/shm. Many perl scripts are out now that run DDOS's and shells.

I also suggest downloading APF firewall, and installing it. If you need a good default cpanel conf file, email me at email@example.com. I can help you install it and secure your server.

Unfortunately Cpanel will never be secure, and you need a security admin these days to make sure your servers are as secure as they can be, and up2date.

Comments are welcome to this find.
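
An added example, not part of the original post: a shell function that reads an fstab-format file (/etc/fstab for the configured state, /proc/mounts for the live state) and reports whether /tmp and /dev/shm carry both noexec and nosuid. The function name check_mounts and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example: report world-writable mount points that still allow execution.

# check_mounts FILE [MOUNTPOINT...]
# Prints one line per problem; returns 0 if every mount point is hardened.
check_mounts() {
    table=$1; shift
    [ $# -gt 0 ] || set -- /tmp /dev/shm
    rc=0
    for mp in "$@"; do
        # Field 2 is the mount point, field 4 the comma-separated options.
        # Keep the last matching entry, since a later mount overrides earlier ones.
        opts=$(awk -v mp="$mp" '$1 !~ /^#/ && $2 == mp { o = $4 } END { print o }' "$table")
        if [ -z "$opts" ]; then
            # No dedicated entry: the path inherits the options of its parent filesystem.
            echo "$mp: no entry in $table"
            rc=1
            continue
        fi
        for want in noexec nosuid; do
            case ",$opts," in
                *",$want,"*) ;;
                *) echo "$mp: missing $want (options: $opts)"; rc=1 ;;
            esac
        done
    done
    return $rc
}

# Constructed sample in /etc/fstab format: /tmp is hardened, /dev/shm is not.
sample_fstab() {
    cat <<'EOF'
# device   mountpoint  type   options                 dump pass
/dev/sda3  /tmp        ext3   noexec,nosuid,nodev     1 2
none       /dev/shm    tmpfs  defaults                0 0
EOF
}

# Demonstration on the constructed sample.
demo=$(mktemp)
sample_fstab > "$demo"
check_mounts "$demo" || echo "hardening needed"
rm -f "$demo"
```

On a real server, run `check_mounts /etc/fstab` and then `check_mounts /proc/mounts`: the first shows what will be mounted at boot, the second shows whether the remount actually took effect.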