
phpthumb serious Security Problem (of interest to all users)

Discussion in 'Security' started by bewnet, Aug 30, 2011.

  1. bewnet

    bewnet Member

    Our server was attacked two times in 15 days.

    The hacker used a security hole that exists in the library phpthumb (version 1.7.9).

    With that, he had full access to the server and removed several files from different sites and also several files (including log files) from cPanel. This demanded a completely new installation of the system and recovery of the backup, which takes several hours, leaving the server and the Web sites unavailable during this period. Additionally, he could have simply removed the entire system, which is very serious.

    Since we cannot track users and prevent them from putting this version of phpthumb on their sites again, allowing a new attack, is there any way to fix this in cPanel, preventing anyone from having full access to the server again, either through phpthumb or through some other feature that has failures of this type?

    Has anyone had this problem too? How did you fix it?
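
An added example, not part of the original post: a scan that inventories phpThumb copies under the account directories and flags the version named above (1.7.9). It assumes each copy ships `phpthumb.class.php` with a `$phpthumb_version` property and that sites live under `/home`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: inventory phpThumb copies and flag the version the post names.
# Assumption: the library declares its version in phpthumb.class.php, e.g.
#   var $phpthumb_version = '1.7.9';
# Limitation: paths containing newlines are not handled.

FLAGGED_VERSION='1.7.9'   # version reported as exploited in the post

# Print the version string declared in one phpthumb.class.php (empty if none).
phpthumb_version_of() {
    sed -n "s/.*[\$]phpthumb_version[[:space:]]*=[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" "$1" |
        head -n 1
}

# Usage: scan_phpthumb [ROOT]      (ROOT defaults to /home, an assumption)
# Output: one line per copy found: STATUS<TAB>VERSION<TAB>PATH
#   FLAGGED = version named in the post, FOUND = other version,
#   REVIEW  = class file present but no version line could be read.
scan_phpthumb() (
    root=${1:-/home}
    find "$root" -type f -iname 'phpthumb.class.php' 2>/dev/null |
    while IFS= read -r file; do
        version=$(phpthumb_version_of "$file")
        [ -n "$version" ] || version=unknown
        case "$version" in
            "$FLAGGED_VERSION"|"$FLAGGED_VERSION"-*) status=FLAGGED ;;
            unknown)                                 status=REVIEW ;;
            *)                                       status=FOUND ;;
        esac
        printf '%s\t%s\t%s\n' "$status" "$version" "$file"
    done | sort
)

# Example invocation (run as root so every account is readable):
#   scan_phpthumb /home
```

Run from cron, the output gives a list of accounts to contact each time a flagged copy reappears.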
