Just got hit by iframe hack on 5 boxes

Discussion in 'General Discussion' started by gotroot, Oct 1, 2007.

  1. gotroot

    gotroot Active Member

    Not sure how since we have iframe rules in mod_security but this just happened to us on 5 boxes hosting in 3 different DC's. Every index file on every box replaced.

    What's going on with this? Is there a v11 exploit? Must be. What a coincidence that all 5 boxes are hit in 3 different DC's. I understand 1 but 5?

    Unbelievable.
     
  2. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    There is a very long discussion about this at: http://forums.cpanel.net/showthread.php?p=333644

    We're unsure as to what precisely could be causing this and if it's even a cPanel-specific exploit (as there have been reports of this occurring on non-cPanel servers). If you or anyone else finds any evidence that it could be a cPanel security issue, please send relevant logs and commentary to security@cpanel.net
     
  3. kamyana

    kamyana Member

    Hi

    One of my clients had a similar issue with iframe injection. I tried a lot of different rules etc. but to no avail. In the end, I just asked my client to remove a JavaScript from his index page and that solved the issue.

    I am not sure but it seems it's related to JavaScript or something.
     
  4. rpmws

    rpmws Well-Known Member


    Is it possible that one of your resellers may be scattered with at least one account on each of those boxes that are affected? Do any of them have anything in common client-wise?
     