
Have you done anything to enhance security?

Discussion in 'Security' started by bert, Mar 30, 2002.

  1. bert

    bert Well-Known Member

    Is the XMB board you guys put on cpanel modified?

    I really hope it is and that you are fully aware of the security issues with it:
    http://www.hackers.com/new/currentnews.php?nid=6
     
  2. dolphyn

    dolphyn Well-Known Member

    This is important! Someone hacked my customer's forum and ALL of the forum data was lost.
     
  3. bert

    bert Well-Known Member

    I am still waiting for someone from Cpanel to at least let us know if anything has or will be done to enhance security. We don't need features like these. Filling a control panel with crappy scripts creates more of a problem than a convenience.
     
  4. patchwork

    patchwork Well-Known Member

    Maybe they could replace it with phpbb http://sourceforge.net/projects/phpbb/

    I have not used it much but it seems like a good free forum system.

    Pete
     
  5. AbeFroman

    AbeFroman BANNED

    customer forum

    Does the customers forum come with CPanel? I want to get one!
     
  6. dolphyn

    dolphyn Well-Known Member

    I've looked into this a little more, and it appears to me that the CPanel version of XMB has resolved the issues mentioned in the hackers.com article (though not in the same way as suggested by hackers.com).

    The headers.php file begins with $tempcache = ""; which seems to resolve the first issue.

    The post.php file includes if (!is_uploaded_file($attach)){die("file upload failed");} which seems to resolve the second issue.

    HOWEVER, the CPanel installation includes the file newinstall.php, which can be easily exploited to delete all of the data, and I suspect this is how my customer's forum was hacked. Anyone using XMB should delete this file.
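
Added example, not part of dolphyn's post and not cPanel or XMB code: a shell check a host could run to find and remove the leftover newinstall.php files the post warns about. The web root is passed in as an argument, and treating a directory as an XMB install when post.php sits beside newinstall.php is an assumption based only on the two file names mentioned in the post.

```shell
#!/bin/sh
# Added example: locate leftover XMB installer scripts under a web root.
# Assumption: a directory counts as an XMB install when post.php sits next
# to newinstall.php (both names are taken from the forum post above).

# find_leftover_installers ROOT
# Prints one path per line for every newinstall.php found beside post.php.
find_leftover_installers() {
    root=$1
    if [ ! -d "$root" ]; then
        echo "not a directory: $root" >&2
        return 2
    fi
    find "$root" -type f -name newinstall.php 2>/dev/null | sort |
    while IFS= read -r f; do
        dir=$(dirname "$f")
        # Ignore unrelated files that only happen to share the name.
        if [ -f "$dir/post.php" ]; then
            printf '%s\n' "$f"
        fi
    done
}

# remove_leftover_installers ROOT
# Deletes each installer reported above and logs what was removed.
remove_leftover_installers() {
    find_leftover_installers "$1" |
    while IFS= read -r f; do
        rm -f -- "$f" && printf 'removed %s\n' "$f"
    done
}

# Report-only run when a root is given on the command line,
# e.g. sh check_installers.sh /home
if [ "$#" -gt 0 ]; then
    find_leftover_installers "$1"
fi
```

Run the report first and review the list before calling remove_leftover_installers on the same root.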
     
  7. bert

    bert Well-Known Member

    My best recommendation is to remove XMB from the Cpanel skins in use and notify customers who have it that there are serious security risks and recommend their removal. We as hosts have too many duties and responsibilities and it is ridiculous to troubleshoot, work on or improve poorly written software.

    I did all of the above and I know I am saving myself a lot of trouble.

    My $0.02 ;)
     
  8. aventuremedia

    aventuremedia Registered

    Re

    Hi, we took over the development in Feb 2002 from the old team.
    ALL security issues have been fixed in the new XMB 1.6 Magic Lantern edition, which from what I hear is now available in the latest CPanel.

    Richard
    Aventure Media
    http://www.aventuremedia.com
     
  9. bert

    bert Well-Known Member

    Great! Thanks for letting us know Richard. :)
     