cPanel: Reset your root passwords! Hackers broke into our system

Website administration firm cPanel has told The Reg that one of its proxy servers was hacked, potentially exposing customers' administrator-level passwords. cPanel discovered that one of its systems, used to handle technical support tickets, was infiltrated nearly a week ago. The biz, which provides tools for managing Unix- …

COMMENTS

This topic is closed for new posts.
  1. Destroy All Monsters Silver badge
    Devil

    The Boys from Shanghai..?

    So are help-desk providers being targeted?

    Maybe the rest could, you know, check their logs and stuff?

    1. Anonymous Coward

      Re: The Boys from Shanghai..?

      Another UNIX based website hacked. Hardly news.

      1. Spoddyhalfwit

        Re: The Boys from Shanghai..?

        Must be Eadon's day off. I'll fill in for him...

        EPIC WINDOWS FAIL

        Um...

  2. This post has been deleted by its author

  3. ecofeco Silver badge
    FAIL

    Not Good

    cPanel is one of my favorite admin panels to use.

    This sucks.

    1. Captain Scarlet Silver badge
      Unhappy

      Re: Not Good

      Dammit, I use cPanel because I am lazy >_< (And the virtual server license prices aren't bad)

      Oh wait, I'm too lazy to log support calls, Huzzah Adrenalini!

  4. Anonymous Coward
    FAIL

    Who will save us from these Unix-powered workstations?

    > The biz discovered that a proxy server was hacked by "a malicious third party" through a compromised workstation used by one of its support bods.

  5. Mr Anonymous
    Alert

    Root password

    If you have to give a root password to a support company, change it before you give them access then immediately after too, but be sure to use a different one than you had originally before handing control to a stranger.

    After their assistance, check the root account's history file to see what they have been doing, if only to help you next time the issue occurs.

    Remember, it's not unusual for a root password to be recorded in your history file or a log when logging in remotely and changing user, mistyping or forgetting you just used su!

    1. Anonymous Coward

      Re: ..to see what they have been doing, if only to help you next time the issue occurs.

      Have done so before with them. It's good fun watching the support guy you're paying your left arm for repeatedly refer to the man pages. :)

    2. Anonymous Coward
      Trollface

      Re: Root password

      export HISTFILE=/dev/null :)

    3. Anonymous Coward

      Re: Root password

      I hate it when this happens. I have to change the root password and then purge the history file.

      Does anyone have a regex that will detect passwords that are entered at a login or command prompt?

      1. Anonymous Coward

        Re: Root password

        Oh, where to begin on that one.... let's start with this: Any regex that would match your password, and only your password, would give away your password. Next, to detect it at entry time at the command prompt, you'd have to write a shell script or similar to serve AS your shell - parse your command, check it for the verboten word (without exposing what that word is, mind), and then pass the command on to the shell.

        Or you could just watch what you type.
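Added example, not part of any comment above: the sub-thread on passwords landing in a history file asks how to detect them, and the reply notes that a regex matching the password itself would disclose it. This Python sketch flags history lines by context instead (a stray single token right after a command that prompts for a secret, or a secret passed inline) and reports only line numbers. The function name, patterns, builtin list and sample lines are constructed assumptions, not exhaustive.

```python
import re
import shutil

# Commands that prompt for a secret; a stray token on the next history line
# is often a password typed after the prompt was missed or timed out.
PROMPTING = re.compile(r"^\s*(sudo|su|ssh|scp|sftp|passwd|mysql)\b")
# Secrets passed inline as arguments (illustrative patterns, not exhaustive).
INLINE = re.compile(r"(--password[= ]\S+|\bsshpass\s+-p\s*\S+|\bmysql\b.*\s-p\S+)")
# Shell builtins that shutil.which() cannot see (partial list).
BUILTINS = {"cd", "exit", "logout", "history", "jobs", "fg", "bg", "pwd", "clear"}


def scan_history(lines, is_command=lambda w: shutil.which(w) is not None):
    """Return (line_number, reason) pairs; the suspect text is never echoed."""
    findings = []
    prev = ""
    for n, raw in enumerate(lines, start=1):
        line = raw.strip()
        if not line or line.startswith("#"):  # blanks and bash timestamp lines
            continue
        if INLINE.search(line):
            findings.append((n, "secret passed on command line"))
        elif (PROMPTING.match(prev) and len(line.split()) == 1
              and line not in BUILTINS and not is_command(line)):
            findings.append((n, "unknown single token after " + prev.split()[0]))
        prev = line
    return findings


# Constructed sample of a root history file; the values are made up.
SAMPLE = [
    "#1361870000",
    "su -",
    "Tr0ub4dor&3",                      # password typed at the shell prompt
    "ls -la /root",
    "mysql -u admin -pS3cret reports",  # secret visible in argv and history
    "sudo systemctl restart httpd",
    "cd",
    "whoami",
]

if __name__ == "__main__":
    for number, reason in scan_history(SAMPLE):
        print(f"line {number}: {reason}")
```

Any line it flags means the credential should be rotated, not just removed from the file, since the value may also sit in backups or session logs.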

  6. This post has been deleted by its author

  7. Clyde

    Old news

    Old news: my hosting company posted this a week ago:

    "With most resellers being more technically clued up than a typical end user I thought this topic was best posted in the reseller area, so you have re-assurance and can re-assure your own customers.

    Over the last few weeks a nasty "SSH" compromise has been roaming around, with a large number of hosts infected by some serious hacking incidents as a result. Similarly (and currently suspected as linked) cPanel have announced one of the servers in their tech support department, and possibly their helpdesk ticketing system, has been compromised, resulting in possibly 6+ months' worth of tech support tickets and associated root login information being stolen.

    For clarity ZERO UH servers have been affected by the matter, and when using cPanel support we've always rotated passwords out after supplying credentials. Similarly the hosts that have been affected seemed to all have allowed "direct root login" with password, something we've never had enabled on our servers (our support team log in with keys and never use root passwords for SSH).

    So while you may be reading of a lot of hosting companies having a bad few weeks with all this, your server is clean and will not have been affected thanks to a proper security policy developed over a 14 year period to ensure matters like this cannot spoil our day."
