The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

What is SSHControl.pm?

Discussion in 'General Discussion' started by soundguy, Jul 25, 2014.

  1. soundguy

    soundguy Well-Known Member
    PartnerNOC

    Joined:
    Oct 29, 2003
    Messages:
    52
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    seattle
    While working on one of my servers, I noticed that there are a bunch of root shell commands in the history that I never entered:

    echo Cpanel::SSHControl::Expect::Reset::miZkeAyqwM2PxU6o

    export LANG=C; export TERM=dumb; export PS1="Cpanel::SSHControl - \TcPs# ";export PROMPT_COMMAND=""; stty raw; echo $0; echo; echo

    exit

    There are several more with account-specific language that resembles some modifications that I actually did a few days ago, but why is this stuff appearing on the root shell history? I'm treating it like an exploit. The file

    /usr/local/cpanel/Cpanel/SSHControl.pm

    seems to be a legit cPanel Perl module, but it just showed up on July 14th. Anybody have any ideas what's going on here? I see that the file exists on at least one of my other servers (dated July 9th), but the shell commands are not in the history on that machine. I'm wondering if this is a new cPanel feature that is already being exploited by miscreants.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Please ensure you open a support ticket if you are concerned about a potential security flaw with cPanel:

    Submit A Ticket

    This will allow us to direct the ticket to our security team if deemed necessary. Feel free to post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
  3. cPJacob

    cPJacob cPanel Product Owner
    Staff Member

    Joined:
    May 2, 2014
    Messages:
    509
    Likes Received:
    65
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    Hi,

    SSHControl is a package used during Transfers with the new Transfer Tool. It will create a lot of text in the bash history files on servers.
     
  4. soundguy

    soundguy Well-Known Member
    PartnerNOC

    Joined:
    Oct 29, 2003
    Messages:
    52
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    seattle
    Ok, thanks. That fits the circumstances. You guys really should issue a warning when you create new features with that kind of behavior though. Seeing command strings with obfuscated data calling a file that has only existed for a couple of days just screams "exploit", especially when I'm only half way thru my first cup of coffee. :)
     

Share This Page