The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Server hacked from CPanel - after backup function

Discussion in 'General Discussion' started by yaax, Mar 15, 2005.

  1. yaax

    yaax Well-Known Member

    Joined:
    Jun 15, 2003
    Messages:
    67
    Likes Received:
    0
    Trophy Points:
    6
    Today my server was hacked by some users accessed it from Cpanel only.
    They even did not accessed from SSH - thay only got access to root WHM and deleted all accounts.

    I have checked CPanel logs, they triied to find all CPanel security holes and finally they found some way by uploading some invalid backup file from another account on another server.

    My server run Linux Fedora Core 2 last kernel, and CPanel R-143

    I think all Cpanel users must know about this problem!

    Also Cpanel must add some security layer like email on every root login to CPanel and store all unsuccessfull CPanel logins and lock CPanel account after few failed logins from Cpanel menu.
     
  2. casey

    casey Well-Known Member

    Joined:
    Jan 17, 2003
    Messages:
    2,303
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    If there is trouble, it will find me
    Please send an e-mail to cpanel about this. If this is an actual security hole, they need to be notified of it immediately. They may or may not see this post, and there's no guarantee when they'll see it if they do.
     
  3. jamesbond

    jamesbond Well-Known Member

    Joined:
    Oct 9, 2002
    Messages:
    738
    Likes Received:
    1
    Trophy Points:
    18
    Even if it's not a security hole I think it's time for CPanel to add some security measures to make it less interesting for hackers to try to gain access through unmonitored CPanel/WHM ports.

    3 options I would be interested in are:
    -Access to WHM based on IP
    -Send e-mail with every WHM root log-in attempt and block ip after 3 failed log-ins.
    -Block ip address after a defined number of failed CPanel log-ins.
     
Loading...

Share This Page