Any ADMIN online? Security risk in DA! Important!

Status
Not open for further replies.

eSiK (Verified User, joined May 10, 2006, 38 messages, Warsaw, Poland)
Very important: there is a security exploit in DirectAdmin code! Very dangerous! Please contact me - I am waiting online!
 
Please explain (if you don't want to post it here, send me a PM). I guess it's an XSS exploit; if yes, you shouldn't worry about it.
 
It is very serious...
There is a bug in DA in which a user (who has an account on your server) can take over any domain on the server and point it (redirect) to any other domain on the same server, even if the domain isn't his/hers. I think this is really serious.
I saw it today with my own eyes :/
 
Please check this thread, it is very urgent and critical.

Two days ago I updated to version 1.294 and today all sites were hacked. It seems someone logged in as admin to the DirectAdmin panel. The password was very strong, so I suspected a security hole, and found that this thread had just been opened. Please, someone from DA check it. I stopped the DirectAdmin service on all servers and looked for a version update from DA, but it seems there is no update.
 
If someone logs in as admin then that person can do anything they want. That does not describe the problem posted by the OP.
 
Hello,

Please email us at support at directadmin.com if you have any info on this. We have not yet received any information and cannot fix something we cannot see, if it is related to DA at all. Normally exploits are as a result of an admin not keeping things like openssl updated, but you'll have to let us know any information you have that leads you to believe one thing or another.

John
 
I guess it was http://securityreason.com/securityalert/2534
 
I think this post should be moved into 'System-Level Technical Discussion' or the appropriate forum.

Also, I believe posting of new threads in this forum should be turned off unless you're an admin/mod.
 
I think DA should be emailing every client they have about these types of issues, from the forum if nothing else, to warn everyone to upgrade if that's what is required, as many people don't visit the forums on a daily basis; how should they know?
 
You don't need to visit/read the forums to know that DA have released an update.

http://DOMAIN:2222/CMD_LICENSE
http://directadmin.com/ - homepage
http://www.directadmin.com/versions.php
The DA mailing List.

The update for this vulnerability has been out for around a month or so.


I never said you did need to visit the forums, did I? Read again: I said it would be nice if they submitted a vuln report to all clients, LIKE EVERYONE ELSE DOES when one is discovered.
 
Actually, you kind of did here:
I think DA should be emailing every client they have about these types of issues, from the forum if nothing else, to warn everyone to upgrade if that's what is required, as many people don't visit the forums on a daily basis; how should they know?
When you said how should they know if they don't visit the forums, it implied that you can only find it on the forums and no where else.

Also, I have never seen anything like that when I was using cPanel; I always had to look at their recent news or sign up to their mailing list (which DA has too, for version update releases, that you can sign up to) to find it out. I don't know if they have changed in recent years, but looking at the cPanel website, it seems to be the same.

If you are concerned with receiving security updates, it may be more beneficial to sign up to a security mailing list, since they normally include DirectAdmin reports along with Linux (and other control panel) reports and would keep you better informed of overall security instead of just having DirectAdmin reports.
 
Indeed. That's how I took it.
 