cPanel (all versions) Security Hole Exploited in Mass Hack

Using a previously undiscovered security hole, hackers compromised all of HostGator’s servers and inserted trojans into their clients’ websites:

HostGator says hackers compromised its servers using a previously unknown security hole in cPanel, the control panel software that is widely used by hosting providers. “I can tell you with all accuracy that this is definitely due to a cPanel exploit that provides root access and all cPanel servers are affected,” said HostGator system administrator Tim Greer. “This issue affects all versions of cPanel, from what I can tell, from years ago to the current releases, including Stable, Release, Current and Edge.”

This happens after the last mass defacement of 650 websites, which happened in just a single day. Is it just me, or is the so-called “stable and secure software” becoming increasingly insecure with each passing day? Are we supposed to switch to Windows (Plesk)? Or just buy hosting packages without cPanel? Or actually learn to secure cPanel better?

PS: This is a LIVE VML infection video of what happens to a workstation when it visits an infected website (like HostGator’s hacked websites):

After we visit the infected site, we log into a PayPal account to show you an example of the information that can be stolen. This keylogger operates by indiscriminately capturing the entire contents of EVERY web form on any page — all data entered into your financial, webmail, and Intranet sites can be captured. We added some commentary to the end of the video to provide a brief explanation of what happens behind the scenes.

Read the whole article at Netcraft.

6 thoughts on “cPanel (all versions) Security Hole Exploited in Mass Hack”

  1. In my opinion Plesk is the best control panel available, and it has both Linux and Windows versions. I have used Plesk for 2 years now and never had any problems.

  2. Actually, cPanel promptly came out with a patch that solves the security problem. Below is their email:

    “An uncompiled mysqladmin script allowed an exploited copy of to be placed within the directory location of mysqladmin. This copy of would be given preference by mysqladmin due to the precedence order of perl module searches. A malicious user could then use an exploited copy of to elevate their system access (including root access).

    A patch for this issue has been released. Please note that this is a local issue and a system cannot be compromised remotely. The malicious user must have access to an account on the system to take advantage of this script.”
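
The cPanel notice quoted in comment 2 describes a search-order problem: a directory that is searched early and that an unprivileged account can write to. As an added example (not code from cPanel or from this post), the Python below audits a module search path such as Perl's `@INC` for such entries; `audit_search_path`, `build_demo_tree` and `Example.pm` are hypothetical names, and the directory tree is constructed for the demonstration.

```python
import os
import stat
import tempfile

def audit_search_path(dirs, module_rel, trusted_uids=(0,)):
    """Walk a module search path in order, as a loader would.

    Returns (findings, resolved): findings lists every entry searched up to and
    including the one that supplies module_rel that an untrusted user could
    write to; resolved is the file that would actually be loaded (or None).
    """
    findings = []
    for d in dirs:
        if not os.path.isabs(d):
            findings.append((d, "relative entry, resolves against the current directory"))
        try:
            st = os.stat(d)
        except OSError:
            continue  # entry does not exist; the loader skips it too
        if st.st_uid not in trusted_uids:
            findings.append((d, "owned by untrusted uid %d" % st.st_uid))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((d, "group- or world-writable"))
        candidate = os.path.join(d, module_rel)
        if os.path.isfile(candidate):
            return findings, candidate  # first match wins; later entries are never consulted
    return findings, None

def build_demo_tree():
    """Constructed layout: a writable script directory searched before the library directory."""
    root = tempfile.mkdtemp()
    script_dir = os.path.join(root, "scripts")
    lib_dir = os.path.join(root, "lib")
    for d, mode in ((script_dir, 0o777), (lib_dir, 0o755)):
        os.makedirs(d)
        os.chmod(d, mode)
    with open(os.path.join(lib_dir, "Example.pm"), "w") as fh:
        fh.write("1;\n")  # placeholder module body
    return script_dir, lib_dir

if __name__ == "__main__":
    script_dir, lib_dir = build_demo_tree()
    findings, resolved = audit_search_path([script_dir, lib_dir], "Example.pm",
                                           trusted_uids=(os.getuid(),))
    for entry, reason in findings:
        print("RISK %s: %s" % (entry, reason))
    print("module would load from:", resolved)
```

On a real host, feed it the output of `perl -e 'print join("\n", @INC)'` run as the account the script executes under, and leave `trusted_uids` at its root-only default.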

  3. cPanel is actually the best control panel ever, just because people can fix it rapidly, and use the cPanel forums to get the most out of their control panel. Plus, staff from cPanel do help you FREE of charge. Plesk is a wreck, v8 has soooo many bugs that you’d be a millionaire after spending 1 c on every bug. Related to the exploit, I think cPanel isn’t really to blame, as no one really saw the exploit code, or at least it’s not running on the web as a public exploit. Till then, I can only assume an addon or a part of cPanel was exploited, and you gotta admit, they did work fast to secure the server. HostGator is to blame, because they had old components. Not many hosts invest time in upgrading cPanel to the latest builds, and recompiling Apache/PHP to the latest versions.

