Vulnerability of DirectAdmin?

What issue ... the original poster says he's not posting the specifics. Surely you don't expect me to read four or five pages of posts to know what you're writing about, do you?

DirectAdmin is a C++ compiled program, what kind of vulnerability could affect both cPanel and DA?

Or is it affecting something else on DA servers?

Inquiring minds want to know :) .

Jeff
 
Hey,

The vulnerability was in cPanel and allowed root access when exploited.

What got everyone's attention was that Hostgator was hit (cPanel) and customer sites were redirected to a site(s) which exploited a VML vulnerability in IE.

Also, in order to exploit the vulnerability in cPanel you had to have an account on a cPanel server.

It was/is a cPanel vulnerability... not DA.

David
 
Yep, it sounds like it was a vulnerability in one of a customer's hosted scripts.

We will review the security measures on our servers.

Although, this kind of hack is frightening; all index.html and index.php pages were downloading nasty software.
 
Hey,

"Yep, it sounds like it was a vulnerability in one of a customer's hosted scripts."

No, it was a vulnerability in cPanel... With root access you can do anything which is why the customer sites were compromised.

When those sites were redirected to another site that's where the VML vulnerability was exploited... That was a vulnerability in IE.

David
 
This is the IFRAME hack and we saw this about 3 weeks ago. They are also using brute force attacks using FTP to find an account that has a weak password. If possible, they prefer to break into an account to do it since it's considered a local account. Make very sure that nobody can read your /etc/passwd file. That way you keep the usernames on the server unknown to brute force attackers and they won't be able to get the usernames on the server. If you have strong mod_security rules you are safe. Safe in that your passwd file is protected from being sniffed and IFRAME rules MUST be in place.
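
Added example, not part of any post in this thread: a defender-side check for the symptom described above, index.html and index.php pages carrying an injected IFRAME. The host allowlist, the hidden-frame heuristics and the sample page are assumptions constructed for illustration.

```python
import os
import re
from urllib.parse import urlparse

IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.I)
ATTR_RE = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""")
HIDDEN_CSS = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
INDEX_NAMES = {"index.html", "index.htm", "index.php"}

def iframe_findings(markup, allowed_hosts):
    """Return [(src, [reasons])] for iframes that are off-site or hidden."""
    findings = []
    for tag in IFRAME_RE.findall(markup):
        attrs = {n.lower(): (a or b or c) for n, a, b, c in ATTR_RE.findall(tag)}
        src = attrs.get("src", "")
        try:
            host = (urlparse(src).hostname or "").lower()
        except ValueError:  # malformed URL: keep it in the report
            host = "<unparseable>"
        reasons = []
        if host and host not in allowed_hosts:
            reasons.append("off-site src")
        if (attrs.get("width") in ("0", "1") or attrs.get("height") in ("0", "1")
                or HIDDEN_CSS.search(attrs.get("style", ""))):
            reasons.append("hidden")
        if reasons:
            findings.append((src, reasons))
    return findings

def scan_docroot(root, allowed_hosts):
    """Walk a web root and report index pages containing flagged iframes."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() in INDEX_NAMES:
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hits = iframe_findings(fh.read(), allowed_hosts)
                if hits:
                    report[path] = hits
    return report

# Constructed sample page: one legitimate embed, one injected frame.
SAMPLE = """<html><body><h1>Welcome</h1>
<iframe src="https://video.example.com/embed/1" width="560" height="315"></iframe>
<?php echo $footer; ?>
<iframe src=http://injected.example.net/x width=0 height=0></iframe></body></html>"""

if __name__ == "__main__":
    print(iframe_findings(SAMPLE, {"video.example.com"}))
```

Run `scan_docroot()` over each account's document root and compare the report against a known-good baseline; a flagged frame is a lead to investigate, not proof of compromise.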
 