Saturday, September 23, 2006

HostGator: cPanel Security Hole Exploited in Mass Hack

Via Netcraft.

HostGator says hackers compromised its servers using a previously unknown security hole in cPanel, the control panel software that is widely used by hosting providers. "I can tell you with all accuracy that this is definitely due to a cPanel exploit that provides root access and all cPanel servers are affected," said HostGator system administrator Tim Greer. "This issue affects all versions of cPanel, from what I can tell, from years ago to the current releases, including Stable, Release, Current and Edge."

cPanel has just released a fix. "Running /scripts/upcp will fix the vulnerability in all builds," cPanel said in a message on its user forums. "Please note that this is a local exploit which requires access to a cPanel account. ... If you believe you have been exploited through this vulnerability, you are welcome to submit a support request for assistance."

Hackers gained access to HostGator's servers late Thursday and began redirecting customer sites to outside web pages that exploit an unpatched VML security hole in Internet Explorer to infect web surfers with trojans. The existence of the new "0-day" exploit of cPanel leaves a large number of hosting companies vulnerable to similar attacks until they install the patch. The risk is mitigated somewhat by the fact that it is a local exploit, meaning any attack on a host must be launched from an existing account with cPanel access.

HostGator site owners said iframe code inserted into their web pages was redirecting users to the malware-laden pages. Company staff made several efforts to reconfigure servers on Friday, only to have the exploits recur. By early Saturday morning, HostGator managers were assuring users that the cause of the redirections had been isolated, and was due to a new exploit targeting cPanel.

More here.

1 Comments:

At Tue Feb 13, 07:49:00 PM PST, Anonymous said...

Hostgator host is very good. You can find a lot of reviews about Hostgator on the website http://www.hothosting.info/en. Also, Hostgator is trusted by many of its customers. Obviously, there can not be a very perfect host, since these hosts are of many different features.

The clients should buy a host which meets their needs perfectly. For example, if a person has some experience with Linux, he or she may choose the host which supports ssh so that it can achieve its perfect performance. Moreover, the e-shop host users can choose a kind of product which could provide more after-services.

Go to http://www.hothosting.info/en and have a look, there must be some suitable methods for you in choosing the right hosts. You will know more about the web hosting! Enjoy!

 
