Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

Re: CPanel Vulnerability Wreaks Havoc with Sites on HostGator

__/ [ I Hate Stock Spams ] on Sunday 24 September 2006 06:29 \__

> Netcraft reports that very many sites hosted on Hostgator were redirected
> to web pages containing the current Microsoft VML exploit.
> 
> The article is at
> http://news.netcra
>
ft.com/archives/2006/09/23/hostgator_cpanel_security_hole_exploited_in_mass_hack.html
> (watch the wrap )
> 
> It does not specify the vulnerability in CPanel, because it is a new flaw
> ("0-day") not known to the public (not the Cross Site Scripting problem
> CPanel fixed in August). The
> vulnerability  needs local access, which limits its use. A compromised
> customer with access to CPanel or a way into the server is required to
> execute the exploit.
> 
> Notwithstanding, HostGator will probably not end up as the only one
> affected by the flaw.
> 
> CPanel has made a patch which can be obtained automagically by performing
> /scripts/upcp in your installation. If you administer a server farm and you
> have more than a few clients using CPanel then have your weekend admin
> install the patch.

I read about this earlier. It seems harmless to those of us who share a
server with sites are not malicious, e.g. if the host harbours no
pornographic content. The motive in this recent hack is the exploitation of
Internet Explorer vulnerabilities by proxy, so to speak.

Speaking of cPanel hacks, I still haven't got my anonymous FTP back. It has
been over a year since my host took it down, due to security threats.

Best wishes,

Roy

PS - I miss this NG. Hello everyone!

[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index