cPanel, IE Security Flaws Exploited by Hackers - The Set Up
It’s important to note that the cPanel exploit requires the attacker to have an existing account with the victim that has cPanel access. While that should limit the damage in theory, in practice it was enough to set off all sorts of havoc. From Thursday, September 19, through the afternoon of September 21, hackers were able to take control of hundreds, perhaps thousands, of Windows-based machines using Internet Explorer.
The hackers injected iframe exploits into PHP pages located on web hosts’ servers. The exploits in turn redirected some visitors to sites outside the hosts’ networks. These sites exploited the IE vulnerability and installed malware on users’ computers. How widespread is the problem? Eric Sites, vice president of Sunbelt Software, believes that there are about 20,000 web sites trying to exploit this security issue. Not surprisingly, his company first discovered that hackers were using the IE VML flaw on pornographic web sites.
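As an added example (not from the article, cPanel or the affected hosts), a host could look for the injected iframes described above by scanning PHP pages for iframe tags whose source points outside its own network. The allow-list, host names and sample page below are constructed assumptions.

```python
import os
import re
from urllib.parse import urlparse

# Assumption: hosts this account legitimately embeds (constructed names).
ALLOWED_HOSTS = {"example-customer.test"}
IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
SRC_RE = re.compile(r"""\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""", re.IGNORECASE)

# Constructed sample page, not taken from the incident.
SAMPLE_PHP = """<?php include 'header.php'; ?>
<iframe src="/widgets/news.php"></iframe>
<p>Welcome</p>
<IFRAME SRC='http://offsite.invalid/x.html'></IFRAME>
<iframe src=//cdn.example-customer.test/banner.html></iframe>
"""

def iframe_host(tag):
    """Host an <iframe> tag loads from; None for relative (same-site) sources."""
    m = SRC_RE.search(tag)
    if not m:
        return None
    src = next(g for g in m.groups() if g is not None).strip()
    if src.startswith("//"):  # protocol-relative URL
        src = "http:" + src
    try:
        return urlparse(src).hostname
    except ValueError:  # malformed URL: report it rather than skip it
        return "<unparseable>"

def find_external_iframes(source, allowed=ALLOWED_HOSTS):
    """Return (line_number, host) for each iframe pointing outside `allowed`."""
    findings = []
    for m in IFRAME_RE.finditer(source):
        host = iframe_host(m.group(0))
        if host is None or any(host == a or host.endswith("." + a) for a in allowed):
            continue
        findings.append((source.count("\n", 0, m.start()) + 1, host))
    return findings

def scan_tree(root, allowed=ALLOWED_HOSTS):
    """Map each PHP/HTML file under `root` to its external-iframe findings."""
    results = {}
    for dirpath, _, names in os.walk(root):
        for name in (n for n in names if n.lower().endswith((".php", ".html", ".htm"))):
            with open(os.path.join(dirpath, name), encoding="utf-8", errors="replace") as fh:
                hits = find_external_iframes(fh.read(), allowed)
            if hits:
                results[os.path.join(dirpath, name)] = hits
    return results
```

Calling `scan_tree` on an account's document root returns every file holding an iframe whose host is not on the allow-list; each hit is a candidate for manual review, not proof of compromise.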
How could the hackers do this? It was really very simple. The cPanel exploit, according to the company’s thread issuing the security advisory, “allows escalated access.” This means that someone using this exploit who couldn’t normally access other site owners’ pages suddenly can. Worst of all, as previously mentioned, it affected every version of cPanel.
The company recommended “updating to the latest EDGE or CURRENT build as these builds include the latest security patch…” and suggested that “You can either run /scripts/upcp from the command line as root, or you can also upgrade from inside WebHostManager by using the ‘Upgrade to Latest Version’ option within the ‘cPanel’ menu.” The advisory on the forums also explained how to apply the patch without upgrading.
HostGator founder and president Brent Oxley admitted that the hackers had used the cPanel flaw to access his company’s servers more than a month before they attacked, keeping a low profile until they struck. “They took control of as many servers as they could and they were building an army,” said Oxley of the hackers. “They waited idly for a month and when the Microsoft exploit came out that’s when they launched the attack.”
It quickly turned into a nightmare, judging from the posts about the issue. “We have everyone working on the situation, even a few CTOs from other companies we know personally,” said a post from GatorBrent in HostGator’s forums. “We can make the problem disappear for a little while but it keeps coming back on a majority of our servers. We believe this is a 0-day exploit with HostGator being the target. We are being completely overwhelmed currently with chat, phones, tickets, etc. We are working on finding the root of the problem so we can put a stop to it.”
More By Terri Wells