The Community Forums

Interact with an entire community of cPanel & WHM users!

Old cpanel vulnerable?

Discussion in 'Security' started by seancho, Aug 31, 2014.

  1. seancho

    seancho Registered

    Hi. I'm working to diagnose a hacked server for a client. Client machine is running an old unlicensed cpanel 11.30.3.5. Is this a potential attack vector? I'm reading this, for instance:

    https://blog.rack911.com/category/security-advisories/

    No license, so I can't upgrade. Apparently cpanel can't be uninstalled. How can I make sure this old cpanel cannot be exploited?
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello :)

    It's not feasible to use a version of cPanel that is no longer supported. The LTS release for cPanel version 11.30 is:

    11.30.8.0

    With no license, your best option is to back up the accounts and manually restore them on a new server without cPanel installed.

    Thank you.
     
  3. seancho

    seancho Registered

    Thanks. So, just to clarify, cPanel 11.30.3.5 is vulnerable to attack, even without an installed license?

    Given that this is a full-time production server, I don't know that the client wants to start from scratch with a new server install. Is there no way at all to disable cpanel so that it can be rendered invulnerable to attack? I don't want to use it - completely disabled would be fine. Seems like there should be a way to stop anyone, local or remote, from connecting to it, render core files inoperable, or something, but I'm just not very familiar with the inner workings of cPanel, or the possible exploits of these older versions.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Several security releases have been issued since that version. You can find a list of the targeted security release announcements at:

    Security | cPanel

    You must format the partitions and reinstall the operating system in order to fully uninstall cPanel due to the nature of how cPanel integrates itself very deeply into the OS.

    Thank you.
     