abujenin, Posted September 24, 2006

Are TCH servers vulnerable with this security hole in cpanel? http://news.netcraft.com/archives/2006/09/..._mass_hack.html

stevevan, Posted September 24, 2006

I know TCH takes security VERY seriously, which is why I have stayed with them longer than any other host (even a hosting company I worked for!). I'm sure they're on top of the exploit, but for obvious reasons, I don't think anyone will or should confirm or deny it.

Madmanmcp, Posted September 24, 2006

The risk is mitigated somewhat by the fact that it is a local exploit, meaning any attack on a host must be launched from an existing account with cPanel access.

This is good to hear. It means it will be difficult to do to just any host without first purchasing or owning an account. Yes, they can purchase one, but this will add to the work involved and make it more difficult. We may not be 100% safe, but with thousands of hosting companies out there our odds are lower. Thanks for the heads up.

telcor, Posted September 24, 2006

Although it is limited to local account privilege escalation, combine it with a security hole in a web app that compromises an account and it's easy to gain the access needed. Or key loggers installed on compromised Windows machines that grab the login info for a hosting account. There are numerous ways to exploit this, without having an account on a cPanel server. I'm not attempting to fear-monger, just providing some examples of attack vectors.

abinidi, Posted September 25, 2006

As stevevan said above, TCH monitors security-related issues closely, and updates their software accordingly. If you want to verify that your site isn't at risk, though, you can probably log a help desk ticket. That way a paid staff member will respond to your query.

Best wishes,

TCH-Dick, Posted September 25, 2006

This issue has been patched by cPanel and we pushed it out to all servers as soon as cPanel notified us.

abinidi, Posted September 25, 2006

Thanks for the reply, Dick!