Results 1 to 10 of 10
  1. #1
    Full Member TLE's Avatar
    Join Date
    January 21st, 2005
    Location
    Southern California
    Posts
    338
    Exclamation HostGator - cPanel Security Issue
    HostGator is a commonly used hosting provider by ABW members and unfortunately there's an ongoing security issue over there for those on cPanel:
    http://news.netcraft.com/archives/20...mass_hack.html

    From the discussion on slashdot, it seems like cPanel users in general should be aware of this issue:
    http://it.slashdot.org/comments.pl?s...e=thread&pid=0

    Tuan

  2. #2
    2005 Linkshare Golden Link Award Winner  ecomcity's Avatar
    Join Date
    January 18th, 2005
    Location
    St Clair Shores MI.
    Posts
    17,328
    Mass infestation of Adware/Spyware via root-kits and backdoor trojans now hit the smug hosting industry. Chat programs, Web2.0 sites like Myspace and all P2P freebee seekers were always vulnerable as the mentality there is that "it's always someone else who'll be a victim". Why not hosting exploits as the key driving force in Ad network supported Adware/Spyware is infestation tricks.

    Might be time the affiliate hosting industries started following the Adwhore money trail and seek a way to stop the affiliate networks and Ad servers to stop monitizing these cybercriminals. Notice how many rogue/bogus Anti- Spyware/Adware programs appeared in this exploit. I spent 2 days cleaning this Hosting Cpanel fubar pile of trojan horse crap from 7 desperate client's systems.
    Webmaster's... Mike and Charlie

    "What have you done today to put real value into a referral click...from a shoppers viewpoint!"

  3. #3
    ABW Ambassador
    Join Date
    January 18th, 2005
    Location
    Los Angeles
    Posts
    4,053
    I got hacked last week, Middle East anti-Israel hate stuff. Fortunately, I was checking stats a few times that day and went to update that site and caught it right way. VERY cheap hosting, but open DNS.

    I deleted the files so the search engines wouldn't catch it, moved the backup files on my computer over to my Fastnext account immediately, changed the nameservers and had it moved to FS and running normal within a half hour.

    No scripts, no web 2.0, no nuthin'. Just a simple, static site.

  4. #4
    Full Member felit0's Avatar
    Join Date
    January 18th, 2005
    Location
    Miami, FL
    Posts
    245
    I'm not sure how many of you have dedicated servers, but if you have a dedicated server running cPanel you should follow these instructions to patch your server:

    Code:
    root@server [~]# wget http://layer1.cpanel.net/installer/sec092406.pl
    
    root@server [~]# perl sec092406.pl
    Then verify it worked with this checker:

    Code:
    root@server [~]# wget http://layer1.cpanel.net/installer/cpanel_exploit_checker_092406.pl
    
    root@server [~]# perl cpanel_exploit_checker_092406.pl
    Don't overlook this, as it is a major security hole. There's threads about it all over cPanel forums and WHT.

    If you're on a shared or reseller account, make sure your host is aware and takes the proper steps to secure your server.

  5. #5
    Affiliate Manager
    Join Date
    June 17th, 2006
    Posts
    108
    Cpanel have released a patch last weekend. So even running cpanel update to teh latest will fix that exploit.

    You can do it from the command line /scripts/upcp

  6. #6
    2005 Linkshare Golden Link Award Winner  ecomcity's Avatar
    Join Date
    January 18th, 2005
    Location
    St Clair Shores MI.
    Posts
    17,328
    Read all about it and see the extent to which all our hosted sites are one exploit away from being Adwhore infestation traps. http://www.techworld.com/security/ne...65&pagtype=all

    All the affiliate networks and the privacy info peddlers right down to the CPA 3rd world operations monitize these cybercriminals. Thousands of HostGator sites were infesting every single visitor and other hosting operations were just as succeptable. Poor folks like me with Win98 are SOL if web surfing those hacked sites hosted on servers with just the first of the root kits planted.
    Webmaster's... Mike and Charlie

    "What have you done today to put real value into a referral click...from a shoppers viewpoint!"

  7. #7
    Affiliate Manager
    Join Date
    June 17th, 2006
    Posts
    108
    All Ican reccomend you is to switch to Firefox and use at least free version of agnitum outpost firewall (http://www.agnitum.com/). Even when you have some trojan program installed firewall will stop it from commecting ot hacker's home server and notify you about abnormal activity on your PC. It works on win98 as per Agnitum.

    The bad thing Firefox won't support Win98 and ME from the version 2 which now is in beta. So sooner or later you'll have to upgrade your OS

    And the Pro version of agnitum outpost is good in detecting spyware. Being paranoic about security of my home PC I found 4 spyware programs using agnitum. So now I'm even more paranoic and use both Outpost Pro + KAV 6.

  8. #8
    2005 Linkshare Golden Link Award Winner  ecomcity's Avatar
    Join Date
    January 18th, 2005
    Location
    St Clair Shores MI.
    Posts
    17,328
    Those with XP just install IE7.0 and definately purchase the 3 system license of MS "OneCare" and be done with it. I do appreciate FastNext jumping on the hosting company panic and scrubbing their servers for the cPanel exploits put out by the cybercriminals pimping for the Adwhores.
    Webmaster's... Mike and Charlie

    "What have you done today to put real value into a referral click...from a shoppers viewpoint!"

  9. #9
    Crazy like a fox suzigeek's Avatar
    Join Date
    January 18th, 2005
    Posts
    1,096
    I read about it over at the hostgator forums alerted about it in another thread by Ecomcity (thanks)...I'm still miffed that hostgator didn't send out a mass mail alerting to the possibility of our sites being infected.

    I recieved a possible hack attack email from my hackattack service on my VPS but it was after I recently installed a module for perl so I wasn't sure if that caused it.

    When I logged into WHM I did the cpanel patch through the whm interface for my VPS..hopefully that will take care of it although when I scanned for trojans it claimed there were 22 possible infestations but they are impossible to track down. I was informed there are alot of false positives on that scan...so hopefully nothing will occur.

    Everyone needs to batten down the hatches attacks like this are only going to get more sophisticated and more frequent becuase of all the potential money involved.
    Suz~~GearGirl~~

  10. #10
    Full Member
    Join Date
    January 18th, 2005
    Posts
    331
    My Dedi is at The Planet which is where HG is at. Lucky for me I logged into my orbit account and saw the warning. If I hadn't I wouldn't have known about it so I wish they would have sent out an email also..

    I put the patch in right away and have my fingers crossed.
    [SIZE=1][URL=http://www.tastelessandtacky.com]Tasteless and Tacky Gear[/URL][/SIZE]

  11. Newsletter Signup

+ Reply to Thread

Similar Threads

  1. How To Delete Blog From CPanel/HostGator
    By Trust in forum Blogging, Mobile and Social Media
    Replies: 3
    Last Post: June 8th, 2012, 05:01 PM
  2. HostGator cPanel Upgrade broke bunch of stuff
    By acpd in forum Domains & Hosting
    Replies: 9
    Last Post: December 18th, 2009, 11:32 PM
  3. Important Security Issue! All Please Read
    By Kellie aka Ms. B in forum Suspicious Activity!
    Replies: 9
    Last Post: April 20th, 2004, 10:34 AM
  4. has the norton internet security issue been resolved?
    By gagglina in forum Midnight Cafe'
    Replies: 1
    Last Post: January 14th, 2004, 10:34 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •