The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Server was hacked via cPanel demo...

Discussion in 'General Discussion' started by WreckRman2, Dec 24, 2003.

  1. WreckRman2

    WreckRman2 Member

    Joined:
    Nov 25, 2003
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Indianapolis, IN
    This morning my server with EV1 was hacked. The EV1 support center determined that the hacker made his way into the system via the cPanel demo I had available on my server. The hacker was able to upload a file into my /tmp directory that was performing DOS attacks.

    Now I really like cPanel but it's a shame that their own demo mode isn't secure. Needless to say I won't be offering a demo mode anymore and I wanted to share this eith everyone else.

    If you have any questions I'll gladly answer them but I will say everything on my server was up to date.
     
  2. GordonH

    GordonH Well-Known Member

    Joined:
    Sep 6, 2001
    Messages:
    104
    Likes Received:
    0
    Trophy Points:
    16
    This is possibly related to the php issue I reported earlier in the week.
     
  3. jamesbond

    jamesbond Well-Known Member

    Joined:
    Oct 9, 2002
    Messages:
    738
    Likes Received:
    1
    Trophy Points:
    18
    Which has been fixed according to the changelog, but only in EDGE... :(
     
  4. GordonH

    GordonH Well-Known Member

    Joined:
    Sep 6, 2001
    Messages:
    104
    Likes Received:
    0
    Trophy Points:
    16
    Yes, I dont like updating to edge.
    Its OK if you have one or 2 servers but we have nearly 60 and if there is a bug in the edge release it can be a nightmare to try and deal with across so many boxes.
     
  5. netwrkr

    netwrkr Well-Known Member

    Joined:
    Apr 12, 2003
    Messages:
    203
    Likes Received:
    0
    Trophy Points:
    16
    Can anyone confirm this PHP bug has been exploited on a cPanel server? What is cPanel doing to fix this? If this is a remotely exploitable vulnerability Nick needs to get on the ball and push out a fix in a release update now.
     
  6. qbert1987

    qbert1987 Well-Known Member

    Joined:
    Dec 22, 2003
    Messages:
    130
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Canberra, Australia
    anyone herd from the achal cpanel people about this, im keen for a fix so i can offer a demo...
     
    #6 qbert1987, Jan 9, 2004
    Last edited: Jan 13, 2004
  7. damainman

    damainman Well-Known Member

    Joined:
    Nov 13, 2003
    Messages:
    515
    Likes Received:
    0
    Trophy Points:
    16
    it would be nice to have a timeframe on when the next stable release of cpanel would actually be released.
     
  8. netwrkr

    netwrkr Well-Known Member

    Joined:
    Apr 12, 2003
    Messages:
    203
    Likes Received:
    0
    Trophy Points:
    16
    agreed. Been almost 3 months already.
     
Loading...

Share This Page