Forum Articles
  Welcome back Join CF
You are here You are here: Home | Forum | 2 alerts from Secunia

You are currently viewing our boards as a guest which gives you limited access to view most of the discussions, articles and other free features. By joining our Virgin Media community you will have full access to all discussions, be able to view and post threads, communicate privately with other members (PM), respond to polls, upload your own images/photos, and access many other special features. Registration is fast, simple and absolutely free so please join our community today.


Welcome to Cable Forum
Go Back   Cable Forum > Computers & IT > Security & Virus Discussion
Register FAQ Community Calendar

Webhost hit by cPanel exploit
Reply
 
Thread Tools
Old 27-09-2006, 11:11   #1
Paul
Dr Pepper Addict
Cable Forum Team
 
Paul's Avatar
 
Join Date: Oct 2003
Location: Nottingham
Age: 62
Services: Aquiss FTTP (900M), Sky Q TV, Sky Mobile, Flextel SIP
Posts: 29,680
Paul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered stars
Paul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered stars
Webhost hit by cPanel exploit

The popular linux [server] control software cPanel got hacked the other day ;

http://www.seopedia.org/internet-mar...-in-mass-hack/
__________________

Baby, I was born this way.
Paul is offline   Reply With Quote
Advertisement
Old 27-09-2006, 11:19   #2
punky
Inactive
 
Join Date: Jun 2003
Age: 44
Posts: 14,750
punky has a golden aurapunky has a golden aura
punky has a golden aurapunky has a golden aurapunky has a golden aurapunky has a golden aurapunky has a golden aurapunky has a golden aurapunky has a golden aurapunky has a golden aurapunky has a golden aurapunky has a golden aurapunky has a golden aurapunky has a golden aurapunky has a golden aurapunky has a golden aurapunky has a golden aura
Re: Webhost hit by cPanel exploit

Thanx for the heads up mate. Just wonder if I should warn my hosting co...

Shame about cPanel though, I really like it.
punky is offline   Reply With Quote
Old 27-09-2006, 11:56   #3
KingPhoenix
Inactive
 
KingPhoenix's Avatar
 
Join Date: Jun 2003
Location: On top of this heat sink
Age: 45
Services: Sky+ & 8mb ADSL + BT Together option 3
Posts: 2,345
KingPhoenix has a bronze arrayKingPhoenix has a bronze arrayKingPhoenix has a bronze array
KingPhoenix has a bronze arrayKingPhoenix has a bronze arrayKingPhoenix has a bronze arrayKingPhoenix has a bronze arrayKingPhoenix has a bronze arrayKingPhoenix has a bronze arrayKingPhoenix has a bronze arrayKingPhoenix has a bronze array
Send a message via MSN to KingPhoenix
Re: Webhost hit by cPanel exploit

Unfortunately this is alot worse than made out in Paul's post.

None of I-Webs servers were affected in this bug, we secured the servers as soon as the patch was released. Unfortunately a number of other hosts were victims even before the bug was widely known.

What did the bug do : Well it allowed someone to use the server as their own, allowing them to input code into other peoples files.

Then what? : If a user then visited your site, due to an exploit in IE too, a keylogger was installed into there system.

A key logger? : Yes, it basically logs every key you press and sends it to a remote server. This includes capturing login details for e-mail, online banking etc.

How do i know if i have been affected? : Apparently this site should crash if you are affected http://www.isotf.org/zert/testvml.htm

If that site crashes, then it is highly likely you are affected by this exploit, that was delivered using an exploit in cPanel.


Again, i would just like to clarify that none of the I-Web servers fell victim to this bug.
KingPhoenix is offline   Reply With Quote
Old 27-09-2006, 12:19   #4
bopdude
Inactive
 
bopdude's Avatar
 
Join Date: Jun 2003
Location: Teesside
Posts: 8,315
bopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny stars
bopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny stars
Send a message via MSN to bopdude
Re: Webhost hit by cPanel exploit

Quote:
Originally Posted by KingPhoenix View Post
How do i know if i have been affected? : Apparently this site should crash if you are affected http://www.isotf.org/zert/testvml.htm

If that site crashes, then it is highly likely you are affected by this exploit, that was delivered using an exploit in cPanel.

When I try and access that site my AV kicks in with this, does this mean I'm infected or what does it mean ??
bopdude is offline   Reply With Quote
Old 27-09-2006, 12:24   #5
Paul K
Inactive
 
Paul K's Avatar
 
Join Date: Jun 2003
Location: Essex innit
Age: 51
Services: Sky HD + 16Mb ADSL BT Telephone
Posts: 15,735
Paul K is seeing silvered starsPaul K is seeing silvered starsPaul K is seeing silvered starsPaul K is seeing silvered starsPaul K is seeing silvered starsPaul K is seeing silvered starsPaul K is seeing silvered stars
Paul K is seeing silvered starsPaul K is seeing silvered starsPaul K is seeing silvered stars
Re: Webhost hit by cPanel exploit

Might want to get it checked
http://vil.nai.com/vil/content/v_140629.htm
Paul K is offline   Reply With Quote
Old 27-09-2006, 12:36   #6
bopdude
Inactive
 
bopdude's Avatar
 
Join Date: Jun 2003
Location: Teesside
Posts: 8,315
bopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny stars
bopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny stars
Send a message via MSN to bopdude
Re: Webhost hit by cPanel exploit

Quote:
Originally Posted by Paul View Post
Might want to get it checked
http://vil.nai.com/vil/content/v_140629.htm
I can't find any trace of it..yet, still searching of all the days to log onto my online banking
bopdude is offline   Reply With Quote
Old 27-09-2006, 12:55   #7
Druchii
cf.mega poster
 
Druchii's Avatar
 
Join Date: Mar 2006
Location: Oslo, Norway.
Age: 36
Services: Canal Digital: 50/10
Posts: 7,577
Druchii has a nice shiny star
Druchii has a nice shiny starDruchii has a nice shiny starDruchii has a nice shiny starDruchii has a nice shiny starDruchii has a nice shiny starDruchii has a nice shiny starDruchii has a nice shiny starDruchii has a nice shiny starDruchii has a nice shiny starDruchii has a nice shiny starDruchii has a nice shiny starDruchii has a nice shiny starDruchii has a nice shiny starDruchii has a nice shiny starDruchii has a nice shiny starDruchii has a nice shiny starDruchii has a nice shiny starDruchii has a nice shiny star
Re: Webhost hit by cPanel exploit

Not affected by it.
It's bad to see things such as cPanel, with big jobs to do getting compromised. But it's bound to happen at some point. Let's hope all damage done ca be reverted.
Druchii is offline   Reply With Quote
Old 27-09-2006, 13:16   #8
Paul K
Inactive
 
Paul K's Avatar
 
Join Date: Jun 2003
Location: Essex innit
Age: 51
Services: Sky HD + 16Mb ADSL BT Telephone
Posts: 15,735
Paul K is seeing silvered starsPaul K is seeing silvered starsPaul K is seeing silvered starsPaul K is seeing silvered starsPaul K is seeing silvered starsPaul K is seeing silvered starsPaul K is seeing silvered stars
Paul K is seeing silvered starsPaul K is seeing silvered starsPaul K is seeing silvered stars
Re: Webhost hit by cPanel exploit

Possibly just a warning that it was detected as you logged into Cpanel Bop, might want to get your host to check the server just in case.
Paul K is offline   Reply With Quote
Old 27-09-2006, 16:09   #9
bopdude
Inactive
 
bopdude's Avatar
 
Join Date: Jun 2003
Location: Teesside
Posts: 8,315
bopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny stars
bopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny stars
Send a message via MSN to bopdude
Re: Webhost hit by cPanel exploit

Quote:
Originally Posted by Paul View Post
Possibly just a warning that it was detected as you logged into Cpanel Bop, might want to get your host to check the server just in case.
I take it people are only at risk if they have a site running cpanel then , ( no site )I thought that link was a general 'log on and see' type thing

Sorry, but why then would my AV flash up that warning ???
bopdude is offline   Reply With Quote
Old 27-09-2006, 16:18   #10
marky
Inactive
 
marky's Avatar
 
Join Date: Mar 2005
Location: bolton
Age: 56
Services: non wife took control
Posts: 5,425
marky has a nice shiny starmarky has a nice shiny starmarky has a nice shiny starmarky has a nice shiny star
marky has a nice shiny starmarky has a nice shiny starmarky has a nice shiny starmarky has a nice shiny starmarky has a nice shiny starmarky has a nice shiny star
Re: Webhost hit by cPanel exploit

Oh blummin great, you have just answered a lot of questions
marky is offline   Reply With Quote
Old 27-09-2006, 16:18   #11
Graham M
-
 
Graham M's Avatar
 
Join Date: Jul 2003
Location: Poole, Dorset
Age: 40
Services: FreeSat+ Tivo V-Box VM 60MBit
Posts: 13,365
Graham M has a pair of shiny starsGraham M has a pair of shiny stars
Graham M has a pair of shiny starsGraham M has a pair of shiny starsGraham M has a pair of shiny starsGraham M has a pair of shiny starsGraham M has a pair of shiny starsGraham M has a pair of shiny starsGraham M has a pair of shiny starsGraham M has a pair of shiny stars
Send a message via MSN to Graham M Send a message via Yahoo to Graham M
Re: Webhost hit by cPanel exploit

Is there a fix for Cpanel then?
Graham M is offline   Reply With Quote
Old 27-09-2006, 16:20   #12
Paul K
Inactive
 
Paul K's Avatar
 
Join Date: Jun 2003
Location: Essex innit
Age: 51
Services: Sky HD + 16Mb ADSL BT Telephone
Posts: 15,735
Paul K is seeing silvered starsPaul K is seeing silvered starsPaul K is seeing silvered starsPaul K is seeing silvered starsPaul K is seeing silvered starsPaul K is seeing silvered starsPaul K is seeing silvered stars
Paul K is seeing silvered starsPaul K is seeing silvered starsPaul K is seeing silvered stars
Re: Webhost hit by cPanel exploit

KP said in his post that I-web have patched their servers already so a patch must be out there for the problem.
Paul K is offline   Reply With Quote
Old 27-09-2006, 16:23   #13
bopdude
Inactive
 
bopdude's Avatar
 
Join Date: Jun 2003
Location: Teesside
Posts: 8,315
bopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny stars
bopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny stars
Send a message via MSN to bopdude
Re: Webhost hit by cPanel exploit

Quote:
Originally Posted by marky View Post
Oh blummin great, you have just answered a lot of questions
Who did ? me ? you fell for the same thing ???? I'm not alone in the world then
bopdude is offline   Reply With Quote
Old 27-09-2006, 16:27   #14
marky
Inactive
 
marky's Avatar
 
Join Date: Mar 2005
Location: bolton
Age: 56
Services: non wife took control
Posts: 5,425
marky has a nice shiny starmarky has a nice shiny starmarky has a nice shiny starmarky has a nice shiny star
marky has a nice shiny starmarky has a nice shiny starmarky has a nice shiny starmarky has a nice shiny starmarky has a nice shiny starmarky has a nice shiny star
Re: Webhost hit by cPanel exploit

Quote:
Originally Posted by bopdude View Post
Who did ? me ? you fell for the same thing ???? I'm not alone in the world then
Our servers blocked several ip's at the time this happened, and the site posted here crashes
marky is offline   Reply With Quote
Old 27-09-2006, 16:29   #15
bopdude
Inactive
 
bopdude's Avatar
 
Join Date: Jun 2003
Location: Teesside
Posts: 8,315
bopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny stars
bopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny starsbopdude has a pair of shiny stars
Send a message via MSN to bopdude
Re: Webhost hit by cPanel exploit

Quote:
Originally Posted by marky View Post
Our servers blocked several ip's at the time this happened, and the site posted here crashes
I see
bopdude is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +1. The time now is 00:27.


Server: osmium.zmnt.uk
Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2025, vBulletin Solutions Inc.
All Posts and Content are © Cable Forum