Full Version: !!Time to Update Cpanel servers!!!
aussie
QUOTE (theuruguayan)



Page not found. Cpanel, no thanks, I've moved all users and all boxes are DirectAdmin using FreeBSD 6.1. I am finally free!
theuruguayan
link fixed.
James Jhurani
Any idea what part of cpanel is exploited?
RTCruiser
Thanks theuruguayan. It's input like this that makes these forums so valuable. I appreciate it.
ramprage
Cpanel has a new 0 day security exploit infecting hosting providers. You must update your server immediately. http://www.webhostgear.com/369.html
ramprage
Run /scripts/upcp and you should be patched
jbyers
QUOTE
- This is a 0 day issue, and a patch from Cpanel for it was just released on Sept. 23, 2006
- This exploit gives the attacker root access
- You will not detect this with rkhunter/chkrootkit
- You will not know you have been rooted
- It has been confirmed to be affecting more than just one hosting provider in different datacenters.


Why would rkhunter/chkrootkit not detect this exploit? Is there a hidden process running? Please explain more of the technical details involved in this exploit.
jbyers
Here's a script from CPanel that checks if this exploit was actually patched:

QUOTE
ramprage
QUOTE (jbyers)
Why would rkhunter/chkrootkit not detect this exploit? Is there a hidden process running? Please explain more of the technical details involved in this exploit.


No, they would not detect this since the exploit was from cpanel itself.
gertiebeth
I upgraded to CURRENT because of this threat but am now running into little bugs and want to go back to RELEASE. Is it safe to do so yet?