Hello!
My name is Alex Bogatu and I am a system engineer. I have in my administration a cPanel server with almost 1300 sites hosted. A couple of days ago this server was the target of a mass defacement attack and there were almost 1000 sites affected. The attacker apparently replaced the content of each site with his own index.html. This attacker's name is Islamic Ghost Team and zone-h.com is saying that there were 30000 sites affected in just 3 or 4 days.
The big problem is that I detected that the attacker changed the root password on my server. So he, somehow, uploaded a privilege escalation script or something like that. My question is: is there some vulnerability in cPanel not yet made public? Or is there someone who got the same problem? I read on Google that this is not the first time those guys crack sites.
I have version 11.36.1 (build 6).
Thanks