
Security compromise in cPanel?

Discussion in 'Security' started by methos, May 8, 2008.

  1. methos

    methos Member

    I have just had the following report from a customer ... needless to say we are extremely concerned about this ... does anyone have any thoughts .....?

    Over the past few days or so I have noticed if I leave the cPanel open for a long while like overnight and then refresh the page I get SOMEONE ELSE'S cPanel account. For example right now I am looking at XXXXXXXX.com cPanel. At first I thought it was a fluke bug but now I realize it is full access.

    This should be fixed ASAP, one of my customer's cPanel changed to portuguese by itself hinting that someone else had access and changed it thinking it was theirs.

    in a later report he told us .....

    I just tried to save an html file using the html editor in the file manager and it said..

    "Unable to change directory to /home/XXXXX/home/YYYYYY/public_html! You do not seem to have access permissions! (System Error: No such file or directory)"

    (I have substituted YYYYY for this user's valid home directory, XXXX is another user's ....)
     
  2. nyjimbo

    nyjimbo Well-Known Member

    Very interesting. Maybe a bunch of us should try this and see if we can duplicate it. I have 5 windows machines here in the office and I am going to login to 5 different accounts on one server and leave it alone overnight tonight to see if it happens to any of them.

    Could this be something due to cookies or other session variables getting reused after a long period of time?
     
  3. methos

    methos Member

    thanks, would appreciate if someone can replicate ... we are definitely suspecting expired and maybe re-used sessions here ... apparently the user just refreshes the page and there it is ... no requirement to re-login or anything ...
     
  4. DaveUsedToWorkHere

    DaveUsedToWorkHere Well-Known Member

    If you can send us some info in a support request, that'd be great. We'd surely like to squash something like this quickly if it's reproducible.
     
  5. ffeingol

    ffeingol Well-Known Member
    PartnerNOC

    We cannot replicate this but we did have it happen over the weekend. Client "a" logged in and saw client "b's" cPanel. They logged out/in and everything was fine. Later in the day we got a support ticket from "client b" and when they went to cPanel they saw "client a". We had very unhappy clients.
     
  6. nyjimbo

    nyjimbo Well-Known Member

    Well I got my 5 machines logged into different accounts cpanel since 5pm eastern. I will leave them like this until the morning to allow for the day change and the overnight upcp backend stuff to run just in case that has something to do with it as well. I figure by 6 or 7am eastern should be long enough.

    Only time will tell.......
     
  7. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Would you mind posting the version of cPanel that server is running?
     
  8. qwerty

    qwerty Well-Known Member

    We have had SEVERAL customers contact us also with a similar message except they're having the SAME thing happen with webmail..

    ie. they say, sometimes when they refresh their webmail they find themselves in some other customer's mailbox (not another mailbox under the same acct, but another customer altogether)

    So obviously this issue is affecting both cpanel and webmail logins. Is there a fix for this yet?

    We have VERY pissed off customers right now
     
  9. jpetersen

    jpetersen Well-Known Member

    If someone experiencing these issues can post the information below that would be great:

    OS:
    cPanel version:

    Thanks.
     
  10. qwerty

    qwerty Well-Known Member

    Os is centos 4.6
    cPanel 11.18.5-R24148

    We've blocked cpanel and webmail (both ssl and non-ssl) ports on our firewall until this is resolved. I'd highly recommend everyone does it unless you wanna get sued. I just had a big client scream at me because apparently another customer contacted them after they found themselves in this client's mailbox (via webmail)
     
    #10 qwerty, May 8, 2008
    Last edited: May 8, 2008
  11. gottabekidding

    Had something remotely similar occur -- except the user was publishing files & it ended up on another one of his accounts. (Mentioned to Mr. Peterson earlier)

    Could this be confirmed or denied by cpanel -- a private hint at the very least & some immediate recommendations would be nice. ;)
     
  12. jpetersen

    jpetersen Well-Known Member

    Just to clarify - I tried but was not able to reproduce the issue mentioned to me earlier. I speculate that this was because I had only tested the issue on EDGE (either 11.23.0-EDGE_24219 or whatever the previous version was), while it was reported to have occurred 1 time on 05/08/08 on a server running RELEASE (11.18.5-R24148 if I remember correctly). This was on CentOS.
     
  13. cPanelNick

    cPanelNick Administrator
    Staff Member

  14. rkm11

    rkm11 Active Member

    This is all quite interesting...

    Now that this issue has been resolved, how long had this been happening for each release? :s
     
  15. cPanelNick

    cPanelNick Administrator
    Staff Member

    The problem was introduced in the Security update on May 1st.
     
  16. Bailey

    Bailey Well-Known Member

    Nick, this is the 2nd thing I've seen, that you fixed very quickly late last week ... you also fixed a cPanel-side thing for a ticket I had open ... (and I am sure there were many other things that I haven't seen) ...

    I just wanted to say thank you, and great job. :) Quick attention and fast repairs are just wonderful, and very, very much appreciated.

    :D Bailey
     