aka-2
Sep 25 2006, 09:00 AM
A pair days ago I read this new on Slashdot: cPanel Exploit Used to Circulate IE ExploitQUOTE "In a dangerous combination of unpatched exploits, hackers have used a previously undiscovered security hole in cPanel to hack the servers of a hosting company and use hundreds of hijacked sites to infect Internet Explorer users with malware using the unpatched VML exploit. cPanel, whose hosting automation software is used by many large hosting companies, has issued a fix. It's a local exploit, meaning the attacker must control a cPanel account on the target hosting provider." Trap17 uses cpanel tool in its hosting, and a few days ago happend this " Kidnapped Domain?" Do you think it may be the cause? Anybody with this problem? Whatever, sure this exploit will resolved soon.
Reply
BuffaloHELP
Sep 25 2006, 11:05 AM
No. The member who posted regarding misdirected host name was just an isolated incident. The only affected person was the domain owner and the rest of members who replied saw the correct site. That's why I recommended that perhaps a localized spyware might have been redirecting the traffic in the first place. If Trap17 cPanel is at security risk it will also be localized to that member's cPanel. But since the articles do not specify which version of cPanel can be exploited, it's hard to say if Trap17 is safe or not. As far as I can undestand it, it looks like it's limited to HostGator at the moment. Looks like someone/people weren't happy with HostGator?  But the method is not that they were attacking cPanel directly but using unsecure IE to "hack" the cPanle access. QUOTE A remote, unauthenticated attacker can execute arbitrary code on a vulnerable system. This means when a computer user failed or ignored to update to Windows security latest patches the IE browser can pickup this malicious codes that can execute when cPanel is accessed with infected IE. The worse virus for computers is uneducated users 
Reply
Saint_Michael
Sep 26 2006, 03:45 AM
Well I just checked a few sites out for those who auto update the software to cpanel get the patch so they are fine. So if OpaQue did have it set to auto update then we are fine.
Reply
CrazyRob
Sep 26 2006, 04:53 PM
I have to say i use cPanel on a fwe of my servers i dont know if you know but the problem can be solved through SSL and just blocking off the 2082 and 2096 ports in cpanel httpd config then only the ssl pots will be active so the holes will be secured. all cpanel distros autmatically update anaway and all the holes should be fixed for cPanel Evelution (version 12).
Reply
gameratheart
Sep 26 2006, 05:25 PM
If there was a problem with the cPanel that Trap17 uses, then I would be assured by the fact that OpaQue would quickly be made aware of it and endeavour to fix it. And yeah, Saint_Michael is probably right, OpaQue's probably got an autoupdate feature installed on all of our cPanels anyway, so if there was a problem we'd be protected anyway.
Reply
Dooga
Sep 27 2006, 03:51 PM
Most Trap17 members aren't that evil anyways
Reply
aka-2
Sep 28 2006, 03:11 PM
In no way my intention has been expand any rumor, all the oposite. This is a great comunity ang hosting, reason why I'm hosted here.
Reply
CrazyRob
Sep 28 2006, 07:27 PM
cpanel have released the update as critical so all cpanel servers including traps should update automatically. as it installed for me without any interaction what so ever
Reply
Trap FeedBacker
Mar 10 2008, 12:31 AM
HELP!!
Cpanel Exploit
Some one has hacked my cpanal and made a bunch of fake email accounts and they are screwing with my web site every once in a while by doing thing like making the margins 200 and changing file extensions. I have been able to fix this easy and quick but can't have this continue -reply by Adam
Reply
Similar Topics
Keywords : cpanel, exploit, security, hole, cpanel, hack, servers, hosting, company
- Hack Into Cpanel
(6)
White Paper: Security Threat Report: 2008
(0) I saw this white paper and I thought I bring down some interesting information that has come from
2007 and leading into 2008. I have to say though that the information on this white paper is pretty
darn mind blowing as I bounce some facts to everyone. Of course since I been getting into this
since last year it is not all that surprising since I posted many topics about it as well.
-Sophos currently sees 6,000 new infected webpages each day -One infected page every 14 seconds
-Only about 1 in 5 of these sites is a hacker site -83 percent are hacked sites, or legitima....
Security Warning 2008: Top 11 Malware Threats To Watch Out For
(0) Before I go into this topic I have to say, stop making up these crazy names. I know I just getting
into the security side of things but still as long as there are computer problems and ways to sucker
someone into downloading the stuff, the crazy names will still live on. QUOTE Lieware
ADVERTISEMENT In 2007, there was a lot of "rogue anti-virus software," which is sometimes also
referred to as "fake anti-virus software." But these terms are confusing because there's too
much negation going on. Fake anti-virus software is not anti-virus software at all. So what ....
Is Hacking Legal? And What Is Legal To Hack?
Is hacking Legal? And what is legal to hack? (6) Cyber laws are different for different countries.In India the laws are strict but implimentation is
weak.No public awareness is available about hacking.So the question is,Is hacking allowed and legal,
and if not legal then what kind of hacking is legal? For example, hacking your own machine or free
hacking website,etc. What is the play ground to learn and spread legal hacking methods and from
where? thank you.....
Is There An Exploit In Vista Home Premium To Make Firefox Permanant Default Browser?
(4) I just got a new laptop, and of course it's loaded with vista. Everything works awesomly!
(my last PC was from 2001, BIG DIFF.) But the damned thing compulsivly and automatically sets
Internet Explorer to my default browser and won't let me change certain things which browsers
will typically handle. 've manually changed it so Firefox handles all the stuff except HTTPS
and what not (CANNOT CHANGE W/O HACK!), but IE just bumps in every time I want to click a link
from a non-browser based file /sad.gif" style="vertical-align:middle" emoid=":(" border="....
New Security Hole Discovered In Excel
(0) Well I have to same I am bit surprise on this security flaw especially what it can do; in which all
a user has to do is open a malicious Excel document and it allows the hackers to execute remote code
on to your system. As far as how wide spread this vulnerability is, it hits every excel software
from Excel 2000 to Excel 2003 SP2, and it also includes the Mac Version of Excel 2004 as well. OF
course with the disappointment of Office 2007 by some people will still be running the 2003 versions
on their computers. Right now the attacks are minimal and the question for t ....
Security Commom Sense
(0) A very good article titled "Security Common Sense" in gnucitizen.org Below is the link to that
article http://www.gnucitizen.org/blog/security-common-sense Website Link
http://www.gnucitizen.org "We basically train a bunch of monkeys to click the yes button for
every security warning." Don't you think many of us fall under the category? because most of
the time we do not see what the dialog says, but press Yes, which might not treat you well
sometimes... A good read.....
Hack This School Network, Win A Router
(2) Read Story Here Yeah and I love this little quote QUOTE That hasn't deterred some
attackers. Thanks to the publicity surrounding his Wi-Fi challenge, LaRocca says the schools are
being hit by about 16,000 online attacks per day. Still, LaRocca says the insider threat remains
his biggest concern. "All my hackers are inside the network," he said. "I'm not too worried
about the ones from the outside" First off idiot, second moron, and third duh. Now really why
the heck you going to publicize something like that for? If that number is accurate i only c....
Quicktime Zero Day Exploit News And Updates
(1) On monday it was reported that Quicktime 7.2 and 7.3 versions come with a new exploit in which
malware could on to a person's computer through streaming videos. They only mention that XP and
Vista are the only affect systems and no word came about on the Mac operating system. They mention
that a buffer overflow bug was made in which it "contains a stack buffer overflow vulnerability in
the way Quicktime handles the RTSP Content-Type header." For those who don't know what RTSP is,
RTSP is the Real-Time Streaming Protocol which apple uses for its QuickTime softw....
Symantec's Top 10 Internet Security Trends Of 2007
(3) Well I saw this article and after reading it all just to find the top 10 security problems I thought
I share them and give my thoughts about them. I know I know its horrible but what can I say, its me
/laugh.gif" style="vertical-align:middle" emoid=":lol:" border="0" alt="laugh.gif" />. 1.) Data
Breaches For the most part I am not surprise especially the big stories of 2007 which include the
TJ Max breach of 45 million credit/debit cards; I believe that has been the biggest hack job ever in
terms of stolen cards and id theft (somewhat). Oh lets not forget the al....
Hack Xp Pro
(6) I have windows XP professional and i have not a clue what the admin password is, does anyone know
how to get round it. /cool.gif" style="vertical-align:middle" emoid="B)" border="0" alt="cool.gif"
/>....
Fight Spam Email
Link to this script on your Hosting Account (0) Have a look and tell me what you think about this little script I have written. The plan is to
have this page on your website, at least in your web account, and when/if the Spam Bots find your
account and start scanning the site, they will see this page full of randomly generated email
addresses which they store into their database and when they go to use the addresses, they are all
bounced back to them instead of being delivered to real email accounts. The page links back to
itself, so each time you reload the page they receive another batch of false email addresse....
Security Guidelines For Internet Users
(6) Security Guidelines for Internet Users 1. Install an anti-virus software, you can free ones like
AVG Free . Ensure that it's regularly updated - this is of the utmost importance. 2.
Anti-virus software is not enough, the security can be tightened using a firewall software which
will help you prevent unauthorized incoming and outgoing communications from your computer while
connected to the Internet. 3. Disconnect your computer from the Internet when not in use. The
longer you are connected to the Internet, the more opportunity you give for persons to gain un....
Php Security Vulnerability - Beware From Spammers
If you notice your site becoming really slow, you may be a victim (1) QUOTE PHP Security If you are using PHP on your website we ask that you please read the
following carefully. We have noticed a significant number of PHP websites are being compromised
due to vulnerable PHP code. Spammers are scanning millions of websites on the Internet looking for
PHP scripts that can be exploited to send spam. When they find a script that has a loophole they
send thousands of email messages through the script, often taking down the website or severely
impacting website performance. Generally these loopholes exploit code using paramet....
Brand New Security Holes Found And Patch On This Month Updates And Office Exploits
(0) Even though the fiasco with the .ANI exploit is still going strong microsoft released it's month
updates this time they found 4 more critical breaches in it's systems (XP), most people should
have gotten the update pop up screen yesterday. So here is the info on these critical flaws.
http://go.microsoft.com/fwlink/?LinkId=84687 http://go.microsoft.com/fwlink/?LinkId=85130
http://go.microsoft.com/fwlink/?LinkID=85163 http://go.microsoft.com/fwlink/?LinkID=85164
http://go.microsoft.com/fwlink/?LinkId=80251 I don't know how reliable vista will be af....
Security Firm Kaspersky Lab Creates Ipod Virus
(1) With the flood of news coming about the .ani exploits it seems the tech world is recieve more news
about new hacks, viruses and other bad stuff these days. Today Kaspersky Lab created a virus that
is able to affect the Ipod, however, it is only affecting Ipod's that have linux installed and
not the standard OS that comes with Ipod. The virus goes by the name of Podloso, although they say
it doesn't show a current threat this virus does show the possiblity to install malware into
devices such as the Ipod. They also mention that the virus does not copy it self....
Major Flaw In .ani File Found In Windows 98 Through Vista Creates Major Security Risk
Vista Aint that Secure at all (9) I was able to browse around this and found it interesting since this vunerability is found in 4
Microsoft Operating Sytems, Windows 2000, Windows XP, Windows Vista, Windows 2003 Server. From the
article Microsoft stated that their is a hole in the .ani files, which happen to be related tothe
mouse cursor, when the mouse icon changes depending on what you do. They only mention that with
this flaw it always hackers to break into someone computer and do their thing. But in another
article relating to this attack it was mention that in order for this to happen a user has ....
Image Hosting Can Hurt You
(17) Hello; If you are running a website that offers free image hosting, than this is for you ! If
the image hosting script you are using is a bit poor, hackers can use this to upload their "php
shell" and be able to do modifications to your site !!! You might say this wouldn't
happen to you ! ... but it happened with me ... My website is mostly a familly web-site, so all
my familly checks it, and when the hackers acted ... i got humiliated /sad.gif"
style="vertical-align:middle" emoid=":(" border="0" alt="sad.gif" /> ... they put "inapropriate pa....
Zero-day Firefox Exploit
(5) Link to Article: http://news.com.com/Hackers+claim+zero-day..._3-6121608.html Thought this was
interesting. Really caught me offgaurd, didn't expect such a huge flaw on a GPL based program.
Whats even more scary is they said they have about 30 other flaws found.......
A Very Simple Security Tip
for Windows 2000/XP (13) We all know the difference between a limited user and an administrator user under Win2k/XP - you
can't/can install major software, perform system maintainence, and other stuff. But using a
limited user on a day-to-day basis also provides you with decent protection from a bunch of threats:
if the malware is running under your limited-rights user, it can only do as much as you can. For
instance, a limited rights user can't edit the HKLM hive of the Registry, so any malware running
under the same user won't be able to touch that area. It's extremely simple t....
Myspace.com Flash Hack
account hijacked worm and solution (13) Well buffaloHELP just mention and I have confirmed it by many articles myspace accounts have been
hacked or in hte sense that if your account was hijacked then anyone viewing your profile will also
get infected as well. In a article by chaseandsam.com go into detail on how this happen and a
solution to it as well Click here for more ---WARNING--- Also this hack is also a virus in
which a person who is viewing your hacked profile will get their profile hijacked as well. Also
Symantec mentions about it as well Nortan How it was done ---SOLUTION--- ....
Rootkits
the security threats that no one's heard of (2) a security threat to be concerned with is the increasing prevalence of viruses containing advanced
rootkits to hide their actions or data on the computer. even from the anti-stuff tools. a
rootkit was originally a name for tools that hackers/crackers would use to maintain root on
unix/linux machines. root is the uber user with all the permissions on a linux box. on windows
these tools can be used to hide data on the harddrive and in the registry by manipulating the way
the data is stored. THe windows api(the thing windows uses to communicate to the hardware) read....
Security Not Safe
(2) Hi everyone!!!!!!! This is the last one!! /tongue.gif"
style="vertical-align:middle" emoid=":P" border="0" alt="tongue.gif" /> Ok guys, I heard
somewhere that if we protect some page with password, it is steel not safe at all, if we dont hace a
secure connction (http s ://...) How is it true? is there a posibility that some one can see a page,
even if it is protected by password? (the scrit in tha page don't allow IDs that didn't past
from the login page) is that script sufficent? thanks a lot to every one /biggrin.....
Attention All Ipb Users/admin
Important exploit discovered! (6) Invision Power Board v2.1.6 © 2006 IPS, Inc. This is what it is written on the bottom of the
board. Not so long ago, i was surfing somewhere, (i wont say where) and i discovered a "sql
injection"exploit, a perl script. QUOTE(step28 in the hack) 28. Reload and click on the
username to the admin. You are now logged in as an ADMIN!!! Admins, pm to receive
the link where i found this. with this hack, you can log in with any user without his pass.
It's really easy to do, you just need PERL, Opera webbrowser and 3 minutes fo your life... ....
Windows Xp Pro Exploit: Permission Setup Allows Access To Task Manager During Login
even if permissions deny this abiltity. (1) A friend of mine was temporarily banned from the computers at my school a while ago after he
accidentially found a way into Task Manager, which is disabled on our network. He has had his
permissions restored now, but has no idea why he got banned in the first place. However, recently he
explained what he did to me, and I tested it. I soon found out that, by accident, we had both
discovered that there is a Security Exploit in networking Windows XP Professional. The exploit is
to do with network permissions. Windows XP recieves the permission data from the network as soon....
Firefox Exploit
(0) QUOTE Earlier this week, I blogged about a site doing a bunch of different exploits, depending
on what you are running. One of the things the site will do is detect if you have Firefox, and
attempt to exploit it, using the InstallVersion.compareTo() vulnerability. Read More with
images Already found to be copying and pasting. Take this time to review our forum rules. Warning.
....
Microsoft Ships First Vista Security Patches
yup, got that right -- VISTA (9) Microsoft Ships First Vista Security Patches http://www.eweek.com/article2/0,1895,1911406,00.asp
QUOTE Microsoft Corp. has shipped the first critical security update for Windows Vista, the
next version of its flagship operating system. Over the weekend, the company released patches for
beta testers running the Windows Vista December CTP (Community Technology Preview) and Windows Vista
Beta 1, and warned that the new operating system was vulnerable to a remote code execution flaw in
the Graphics Rendering Engine. A Microsoft spokesperson told eWEEK that the Vi....
Light To Heavy Security Tips
Some (helpful?) Suggestions (4) (excessively long intro, skip to 'suggestions' for immediate tips) Its almost 2 am and I
just finished an email detailing some ideas I had to keep systems a little more secure than usual (
tips that can be applied to most any Windows users system ). I dont feel like re-editing it so it
doesnt sound I copied and pasted it from my email, cause I did, and its late. Please note THIS IS
NOT SPAM. I did write all of this, just in an email before I copied and pasted it here. These are
entirely valid and ( I hope ) helpful tips for most anyone. Of course I hate just yap....
Linux Security Tools
(5) Hi, I've posted some security tools and links in my last posts,I preferd to post new topic and
send he extra here : Network Sniffers # DSniff http://www.monkey.org/~dugsong/dsniff/ #
Ethereal - full network protocol sniffer/analyzer http://www.ethereal.com/ # IPTraf - curses based
IP LAN monitor http://iptraf.seul.org/ # TcpDump - network monitor and data acquisition
http://www.tcpdump.org/ # KISMET - 802.11 wireless network detector, sniffer and intrusion
detection system http://www.kismetwireless.net/ Online Tools # AutomatedScanning.com - commer....
List Of Security Sites
(7) List of security sites, I'll try to update the list as soon as I can . with compilations of
recent security threats, Global Incident Analysis Center (GIAC), GIAC training, and Reading Room
http://www.sans.org/ http://www.infragard.net/ http://www.cert.org/security-improvement/
CERT Security Improvement Modules,including general information on firewalls and intrusion
detectors. excellent set of papers on firewalls, viruses, e-commerce, etc. http://www.icsa.net/
http://www.gocsi.com/ (Source of the annual "CSI/FBI Computer Crime and Security Su....
Looking for cpanel, exploit, security, hole, cpanel, hack, servers, hosting, company
|
|
Searching Video's for cpanel, exploit, security, hole, cpanel, hack, servers, hosting, company
|
advertisement
|
|
