dave1

Registered
Jan 24, 2010
3
0
51
For a short time my cpanel was accessible without having to sign into it.
No password box appeared, the cpanel was open for anyone on the net to see. All you had to do was go to my cpanel and it was there in full view. The cpanel is the latest version. Nobody got root access to the server. Could some sort of code injection have caused this.
I made the mistake of leaving allow url fopen, expose php and register globals on. did a hacker exploit these?
 

garrettp

Well-Known Member
PartnerNOC
Jun 18, 2004
312
1
166
cPanel Access Level
DataCenter Provider
In addition to the above being possible, cPanel uses it's own internal PHP and is not affected by the setting of fopen, expose_php, register_globals, et al that are set as part of the usual webserver configuration.

The situation mentioned by anushkumar seems to be the most likely.