Hostgator rocked by hackers via cpanel exploit.

labrocca · 09-26-2006, 02:55 PM

http://www.seopedia.org/internet-mar...-in-mass-hack/

I never been a fan of cpanel. Now you know why.

Scary stuff really.

Quote:

cPanel (all versions) Security Hole Exploited in Mass Hack

Using a new undiscovered security hole, hackers compromised all of HostGator’s servers, and inserted trojans into their client’s websites :

HostGator says hackers compromised its servers using a previously unknown security hole in cPanel, the control panel software that is widely used by hosting providers. “I can tell you with all accuracy that this is definitely due to a cPanel exploit that provides root access and all cPanel servers are affected,” said HostGator system administrator Tim Greer. “This issue affects all versions of cPanel, from what I can tell, from years ago to the current releases, including Stable, Release, Current and Edge.”

This happens after the last 650 websites mass defacement, which happend in just a single day. Is it just me or the so called “stable and secure software” is becoming increasingly insecure with each passing day ? Ar we supposed to switch to Windows (Plesk) ? Or just buy hosting packages without Cpanel ? Or actually learn to secure Cpanel better ?

PS: This is a LIVE VML infection video of what happens to a workstation when it visits an infected website (like Hostgator’s hacked websites):

After we visit the infected site, we log into a PayPal account to show you an example of the information that can be stolen. This keylogger operates by indiscriminately capturing the entire contents of EVERY web form on any page — all data entered into your financial, webmail, and Intranet sites can be captured. We added some commentary to the end of the video to provide a brief explanation of what happens behind the scenes.

talkwebz · 09-26-2006, 04:49 PM

OoooO
wow.
cpanel is like phpnuke then. easy to hack. lol

Mia · 09-26-2006, 05:09 PM

I would not say that. Just about anything can be hacked. It is only a matter of time. How fast a developer patches a security hole should be taken into consideration, more than the hole itself.

Millions have happily dealt with holes in the MS OS for years, yet all the while waiting long periods of time for patches. As I understand it cPanel was patched quite quickly.

The best way to secure a computer is to unplug its power from the wall.

**ToddW** · 09-26-2006, 08:33 PM

IE Only problem from what I believe.
Disable VML:
Start-->RUN
Type:
Press Enter

regsvr32 -u "%ProgramFiles%\Common Files\Microsoft Shared\VGX\vgx.dll

dbay · 09-29-2006, 07:59 PM

dang...it finally happened