__/ [ I Hate Stock Spams ] on Sunday 24 September 2006 06:29 \__
> Netcraft reports that very many sites hosted on Hostgator were redirected
> to web pages containing the current Microsoft VML exploit.
>
> The article is at
> http://news.netcraft.com/archives/2006/09/23/hostgator_cpanel_security_hole_exploited_in_mass_hack.html
> (watch the wrap)
>
> It does not specify the vulnerability in CPanel, because it is a new flaw
> ("0-day") not known to the public (not the Cross Site Scripting problem
> CPanel fixed in August). The
> vulnerability needs local access, which limits its use. A compromised
> customer with access to CPanel or a way into the server is required to
> execute the exploit.
>
> Notwithstanding, HostGator will probably not end up as the only one
> affected by the flaw.
>
> CPanel has made a patch which can be obtained automagically by performing
> /scripts/upcp in your installation. If you administer a server farm and you
> have more than a few clients using CPanel then have your weekend admin
> install the patch.
I read about this earlier. It seems harmless to those of us who share a
server with sites that are not malicious, e.g. if the host harbours no
pornographic content. The motive in this recent hack is the exploitation of
Internet Explorer vulnerabilities by proxy, so to speak.
Speaking of cPanel hacks, I still haven't got my anonymous FTP back. It has
been over a year since my host took it down, due to security threats.
Best wishes,
Roy
PS - I miss this NG. Hello everyone!