cPanel, IE Security Flaws Exploited by Hackers - The Fallout
To its credit, cPanel had a fix out in a real hurry once it was informed of the problem. Meanwhile, HostGator contacted some of its competitors to discover whether they, too, were affected by the exploit. After learning that they were indeed having problems, HostGator passed the fix along to them. The web host said that it also worked with others to develop an additional version of the patch and tried to make sure the problem was fully resolved.
Some other web hosts were more fortunate than HostGator, or had more warning before they were hit. Upon hearing about the vulnerability, FastServers.Net began updating its cPanel systems; the company completed an update on more than 900 cPanel servers in less than 48 hours. It no doubt helped that they were very experienced with the software, having used cPanel since 1997. “I am very pleased with our security response team’s ability to provide what I consider record-breaking deployment of the patch,” beamed Matt Doyle, director of West Operations for the web host.
But where does that leave companies that weren’t quite so fast – or might not be quite so fast next time? “There’s really not much you can do since it’s cPanel and it’s out of our control,” Oxley observed. “They have the source, which means they’re the only one that can secure it. There are exploits every day; I’m sure there are going to be many other exploits to be discovered.”
But you can expect that web hosts will not be content to sit and wait for cPanel to handle it. In fact, one of the victims, web host Network Redux, wrote a letter to cPanel about it. In the letter, the web host requested that cPanel engage security consultants for a full security audit of the software’s code base. As reasons for the request, it gave “the evidence of a local privilege escalation compromise, the large scale issues experienced by the HostGator group, and the closed source nature of your management platform…” Apparently Network Redux, and the six other web hosts on whose behalf it sent the letter (HostGator, BlueHost, Rails Playground, Clear-Data Internet Services, Myriad Network, and HostingZoom), have become so uncertain about the security of cPanel’s platform that “At this point in time we require assurance from a third party entity that your code base provides a secure operating environment for our users.”
More By Terri Wells