Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Security Concerns

Discussion in 'Security' started by Kent Brockman, Jul 5, 2017.

  1. Kent Brockman

    Kent Brockman Well-Known Member

    Joined:
    Jan 20, 2008
    Messages:
    1,160
    Likes Received:
    5
    Trophy Points:
    68
    Location:
    Buenos Aires, Argentina
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello guys. I'm becoming a bit worried about the number of utilities you can find by simply googling "cPanel exploit". One customer brought this to my attention and wanted to share it with you:

    - Removed -

    What can you tell about this? Are we generally safe? Having clamAV, CSF and secure passwords is enough to sleep well? Should be aware of anything else? Do you monitor these scripts and test them against test scenarios?

    Thanks!
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    15,766
    Likes Received:
    313
    Trophy Points:
    433
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    There's no need to share that sort of link (or promote it with thread title) on these forums. Shell scripts like that have been around for years.

    None of that really matters if your client uploads it to their account willingly to "test it". Those scripts email home when ran.

    Chirpy's CSX is worth every penny and does a great job of helping to prevent these sorts of scripts from being uploaded:
    configserver.com/cp/cxs.html

    As one suggestion for you.
     
  3. Kent Brockman

    Kent Brockman Well-Known Member

    Joined:
    Jan 20, 2008
    Messages:
    1,160
    Likes Received:
    5
    Trophy Points:
    68
    Location:
    Buenos Aires, Argentina
    cPanel Access Level:
    Root Administrator
    Twitter:
    ok, sorry for the link and title. I know CXS, but my concerns were for what an attacker could do to us or others.
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    15,766
    Likes Received:
    313
    Trophy Points:
    433
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Your concern is valid, I'm with you 100%. Preventing this sort of thing from getting on your server in the first place is a tough job.
     
  5. SoftDux

    SoftDux Well-Known Member

    Joined:
    May 27, 2006
    Messages:
    991
    Likes Received:
    2
    Trophy Points:
    168
    Location:
    Johannesburg, South Africa
    cPanel Access Level:
    Root Administrator
    Do you use 2Factor Authentication?
    And strong password policies?
    And educate your clients?

    You should!
     
    Infopro likes this.
Loading...

Share This Page