

phpthumb serious Security Problem (of interest to all users)

Discussion in 'Security' started by bewnet, Aug 30, 2011.

  1. bewnet

    Our server was attacked two times in 15 days.

    The hacker used a security hole that exists in the library phpthumb (version 1.7.9).

    With that, he had full access to the server and removed several files from different sites and also several files (including log files) from cPanel. This demanded a completely new installation of the system and recovery of the backup, which takes several hours, leaving the server and the Web sites unavailable during this period. Additionally, he could have simply removed the entire system, which is very serious.

    Since we cannot track users and prevent them from putting this version of phpthumb on their sites again, allowing a new attack, is there any way to fix this in cPanel, preventing anyone from having full access to the server again, either through phpthumb or through some other feature that has failures of this type?

    Has anyone else had this problem too? How did you fix it?
