Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Security Concerns

Discussion in 'Security' started by Kent Brockman, Jul 5, 2017.

  1. Kent Brockman

    Kent Brockman Well-Known Member

    Joined:
    Jan 20, 2008
    Messages:
    1,178
    Likes Received:
    6
    Trophy Points:
    168
    Location:
    Buenos Aires, Argentina
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello guys. I'm becoming a bit worried about the number of utilities you can find by simply googling "cPanel exploit". One customer brought this to my attention and wanted to share it with you:

    - Removed -

    What can you tell about this? Are we generally safe? Having clamAV, CSF and secure passwords is enough to sleep well? Should be aware of anything else? Do you monitor these scripts and test them against test scenarios?

    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,258
    Likes Received:
    390
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    There's no need to share that sort of link (or promote it with thread title) on these forums. Shell scripts like that have been around for years.

    None of that really matters if your client uploads it to their account willingly to "test it". Those scripts email home when ran.

    Chirpy's CSX is worth every penny and does a great job of helping to prevent these sorts of scripts from being uploaded:
    configserver.com/cp/cxs.html

    As one suggestion for you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. Kent Brockman

    Kent Brockman Well-Known Member

    Joined:
    Jan 20, 2008
    Messages:
    1,178
    Likes Received:
    6
    Trophy Points:
    168
    Location:
    Buenos Aires, Argentina
    cPanel Access Level:
    Root Administrator
    Twitter:
    ok, sorry for the link and title. I know CXS, but my concerns were for what an attacker could do to us or others.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,258
    Likes Received:
    390
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Your concern is valid, I'm with you 100%. Preventing this sort of thing from getting on your server in the first place is a tough job.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. SoftDux

    SoftDux Well-Known Member

    Joined:
    May 27, 2006
    Messages:
    993
    Likes Received:
    2
    Trophy Points:
    168
    Location:
    Johannesburg, South Africa
    cPanel Access Level:
    Root Administrator
    Do you use 2Factor Authentication?
    And strong password policies?
    And educate your clients?

    You should!
     
    Infopro likes this.
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice