The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

my cpanel was hacked

Discussion in 'General Discussion' started by dave1, Jan 27, 2010.

  1. dave1

    dave1 Registered

    Joined:
    Jan 24, 2010
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    For a short time my cpanel was accessible without having to sign into it.
    No password box appeared, the cpanel was open for anyone on the net to see. All you had to do was go to my cpanel and it was there in full view. The cpanel is the latest version. Nobody got root access to the server. Could some sort of code injection have caused this.
    I made the mistake of leaving allow url fopen, expose php and register globals on. did a hacker exploit these?
     
  2. anushkumar

    anushkumar Well-Known Member

    Joined:
    May 14, 2005
    Messages:
    51
    Likes Received:
    0
    Trophy Points:
    6
    dave1,

    Not sure about the exact situation there but I would say you would have had your browser saving passwords for your cpanel. You perhaps did not logout from your cpanel.
     
  3. garrettp

    garrettp Well-Known Member
    PartnerNOC

    Joined:
    Jun 18, 2004
    Messages:
    312
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    DataCenter Provider
    In addition to the above being possible, cPanel uses it's own internal PHP and is not affected by the setting of fopen, expose_php, register_globals, et al that are set as part of the usual webserver configuration.

    The situation mentioned by anushkumar seems to be the most likely.
     
Loading...

Share This Page