cPanel vulnerable to nasty attack! Please Read

Lawrh · 08-04-2009, 11:30 AM

cPanel, Netgear and Linksys have a security hole which hasn't been patched yet. The full story is here:

cPanel, Netgear and Linksys susceptible to nasty attack ? The Register

Basically, if you are logged into cPanel in one tab and surf to an infected site, that site will see your cPanel and take it over. Obviously you would be screwed. cPanels patch is in QA testing and not yet released. For the time being, always log out of cPanel before you visit any website. In fact there is no reason to leave cPanel logged in at all if you are not using it. Expect the best, plan for the worst.

xwishmasterx · 08-04-2009, 12:21 PM

Thanks for the heads up!

Cpanel recommends:

Do not remain logged into any web applications or interfaces while browsing untrusted sites. Always completely log out of browser sessions for sensitive sites when activities have been completed.
Avoid opening SPAM, Websites, or clicking on links that you do not
trust especially URL shortening services found on many social media
sites.
Update your current passwords within cPanel on a regular basis and
maintain strong password discipline.

Read the whole news post from cpanel here:
News - cPanel Inc.

Rudolf Bodocsi · 08-04-2009, 12:26 PM

Hi,

Thanks for information.

Rudolf

Punkaj Dube · 08-04-2009, 04:59 PM

I am a big fan of cPanel and this is really news for me. Thanks for the info.

JWB · 08-04-2009, 05:29 PM

Thanks for the info...

I use Hostgator and they seem to pretty secure...

StephenDavies · 08-04-2009, 05:32 PM

Thanks very much for bringing this to my attention. I have just switched to a hosting company that is using cPanel, my last one had their own front end, so this is all new to me.

TheNightOwl · 08-05-2009, 05:54 AM

I'm pretty sure that in your Settings in cPanel you can select to only allow one user to be logged in at any one time.

This may not prevent an attack due to the vulnerability mentioned above (or maybe it would; I don't know!), but it's worth doing anyway. At least then you know that if you're logged on, someone else shouldn't also allowed to be logged on at the same time.

I don't know if this helps. Teeeeeecccchhhhhhs!

TheNightOwl

08-04-2009, 11:30 AM	#1
Lawrh Ronin War Room Member Join Date: Oct 2008 Location: Near the River Posts: 268 Thanks: 206 Thanked 225 Times in 169 Posts	cPanel vulnerable to nasty attack! Please Read cPanel, Netgear and Linksys have a security hole which hasn't been patched yet. The full story is here: cPanel, Netgear and Linksys susceptible to nasty attack ? The Register Basically, if you are logged into cPanel in one tab and surf to an infected site, that site will see your cPanel and take it over. Obviously you would be screwed. cPanels patch is in QA testing and not yet released. For the time being, always log out of cPanel before you visit any website. In fact there is no reason to leave cPanel logged in at all if you are not using it. Expect the best, plan for the worst.
	“Strategy without action is a day-dream; action without strategy is a nightmare.” – Old Japanese proverb -

08-04-2009, 12:21 PM	#2
xwishmasterx Active Warrior Join Date: Aug 2009 Posts: 58 Thanks: 4 Thanked 5 Times in 4 Posts	Re: cPanel vulnerable to nasty attack! Please Read Thanks for the heads up! Cpanel recommends: Do not remain logged into any web applications or interfaces while browsing untrusted sites. Always completely log out of browser sessions for sensitive sites when activities have been completed. Avoid opening SPAM, Websites, or clicking on links that you do not trust especially URL shortening services found on many social media sites. Update your current passwords within cPanel on a regular basis and maintain strong password discipline. Read the whole news post from cpanel here: News - cPanel Inc.
	My Social Network Site: Board of Directors Social Network A Social Network that pays!

08-04-2009, 12:26 PM	#3
Rudolf Bodocsi Warrior Member Join Date: Aug 2009 Location: Tewkesbury, UK Posts: 12 Thanks: 2 Thanked 0 Times in 0 Posts	Re: cPanel vulnerable to nasty attack! Please Read Hi, Thanks for information. Rudolf

08-04-2009, 04:59 PM	#4
Punkaj Dube Yours Truly War Room Member Join Date: Oct 2008 Posts: 128 Thanks: 6 Thanked 3 Times in 3 Posts Social Networking Contact Info	Re: cPanel vulnerable to nasty attack! Please Read I am a big fan of cPanel and this is really news for me. Thanks for the info.

08-04-2009, 05:29 PM	#5
JWB HyperActive Warrior Join Date: Oct 2008 Location: Circle Pines, MN Posts: 132 Thanks: 0 Thanked 5 Times in 5 Posts	Re: cPanel vulnerable to nasty attack! Please Read Thanks for the info... I use Hostgator and they seem to pretty secure...
	URGENT...Over 1000 new members are joining the Pre Launch every single day....Extremely Time Sensitive Information!

08-04-2009, 05:32 PM	#6
StephenDavies HyperActive Warrior War Room Member Join Date: Jul 2009 Location: Shropshire, UK Posts: 143 Thanks: 60 Thanked 15 Times in 11 Posts	Re: cPanel vulnerable to nasty attack! Please Read Thanks very much for bringing this to my attention. I have just switched to a hosting company that is using cPanel, my last one had their own front end, so this is all new to me.
	Project 26 - The Secrets To Online Riches - A 166 page blueprint sharing step-by-step methods to actually making money from a genuine online business.

08-05-2009, 05:54 AM	#7
TheNightOwl Gatchaman fan War Room Member Join Date: Sep 2008 Posts: 546 Blog Entries: 1 Thanks: 225 Thanked 103 Times in 66 Posts	Re: cPanel vulnerable to nasty attack! Please Read I'm pretty sure that in your Settings in cPanel you can select to only allow one user to be logged in at any one time. This may not prevent an attack due to the vulnerability mentioned above (or maybe it would; I don't know!), but it's worth doing anyway. At least then you know that if you're logged on, someone else shouldn't also allowed to be logged on at the same time. I don't know if this helps. Teeeeeecccchhhhhhs! TheNightOwl
	Membership Sites: Where the real money's at. Fancy getting your slice of the pie? Click here. Who is Gatchaman?