Cpanel Gives Way To Hackers To Exploit HostGator

According to HostGator, on September 23, 2006, a group of hackers hacked the company's servers using the latest susceptibility in cPanel, a net-based graphical control panel device, used extensively by the Internet hosting providers.

"I can inform you exactly that it's certainly owing to cPanel's action allowing root entry, that all cPanel computers are attacked. This problem strikes all variants of cPanel, from what I infer, from the earliest to the present issues, together with Stable, Release, Current and Edge," stated Tim Greer, HostGator's system administrator.

cPanel has offered a solution to tackle this flaw. End users can execute the instruction /scripts/upcp to patch the flaw in all cPanel variants. According to a communiqué displayed on cPanel's message board, "Please observe that this is a regional exploit which necessitates logging in to cPanel's account. In case you think you have been abused due to this weakness, you are invited to present an assistance application for help."

Cyber-terrorists illicitly hacked HostGator's computers on September 21, 2006. They changed the client sites so that they are diverted to internet sites, which attack the unrepaired VML flaw in IE (Internet Explorer) browser of Microsoft. It affects site visitor's machines with malevolent programs. This 'zero-day' attack in cPanel has left numerous web hosting companies at risk, which uses cPanel and have not yet patched the flaw, vulnerable. But, the threat is slightly limited in this situation. The abuse can only be utilized to hack a server through an active user account to enter cPanel devising it as a local fault.

As per site proprietors at HostGator, an iframe command was entered into the site that resulted in diversion to Internet sites having malicious software. Abuses continued to resurface albeit the personnel assayed to handle the matter the following day. Since the cyber-terrorist operated HostGator's cPanel account, it was feasible for cyber-terrorists to relentlessly abuse users although, the network was routinely being cleansed of malevolent programs. HostGator guaranteed that the diversions have been discontinued and on September 23, 2006, it apprized users that the trouble was generated on account of cPanel misuse.

» SPAMfighter News - 9/29/2006