cPanel vulnerable to nasty attack! Please Read

by Lawrh
6 replies
cPanel, Netgear and Linksys have a security hole which hasn't been patched yet. The full story is here:

cPanel, Netgear and Linksys susceptible to nasty attack ? The Register

Basically, if you are logged into cPanel in one tab and surf to an infected site, that site will see your cPanel and take it over. Obviously you would be screwed. cPanels patch is in QA testing and not yet released. For the time being, always log out of cPanel before you visit any website. In fact there is no reason to leave cPanel logged in at all if you are not using it. Expect the best, plan for the worst.
#cpanel #read #vulnerability
  • Profile picture of the author BoDSN
    Thanks for the heads up!

    Cpanel recommends:

    • Do not remain logged into any web applications or interfaces while browsing untrusted sites. Always completely log out of browser sessions for sensitive sites when activities have been completed.
    • Avoid opening SPAM, Websites, or clicking on links that you do not
      trust especially URL shortening services found on many social media
    • Update your current passwords within cPanel on a regular basis and
      maintain strong password discipline.
    Read the whole news post from cpanel here:
    News - cPanel Inc.
    {{ DiscussionBoard.errors[1049248].message }}
  • Profile picture of the author Rudolf Bodocsi

    Thanks for information.

    {{ DiscussionBoard.errors[1049267].message }}
  • Profile picture of the author Punkaj Dube
    I am a big fan of cPanel and this is really news for me. Thanks for the info.
    {{ DiscussionBoard.errors[1049928].message }}
  • Profile picture of the author JWB
    Thanks for the info...

    I use Hostgator and they seem to pretty secure...
    {{ DiscussionBoard.errors[1049985].message }}
  • Profile picture of the author StephenDavies
    Thanks very much for bringing this to my attention. I have just switched to a hosting company that is using cPanel, my last one had their own front end, so this is all new to me.
    {{ DiscussionBoard.errors[1049995].message }}
  • Profile picture of the author TheNightOwl
    I'm pretty sure that in your Settings in cPanel you can select to only allow one user to be logged in at any one time.

    This may not prevent an attack due to the vulnerability mentioned above (or maybe it would; I don't know!), but it's worth doing anyway. At least then you know that if you're logged on, someone else shouldn't also allowed to be logged on at the same time.

    I don't know if this helps. Teeeeeecccchhhhhhs!

    {{ DiscussionBoard.errors[1051293].message }}

Trending Topics