Houston, TX (PRWEB) January 26, 2008
The cPanel Security Team has recognized that the vast majority of affected systems are initially accessed using SSH with no indications of brute force or exploitation of the underlying service. Despite non-trivial passwords, intermediary users and nonstandard ports, the attacker is able to gain access to the affected servers with no password failures. The cPanel Security Team also recognized that a majority of the affected servers come from a single undisclosed data-center. All affected systems have password-based authentication enabled. Based upon these findings, the cPanel Security Team believes that the attacker has gained access to a database of root login credentials for a large group of Linux servers.
Once an attacker manually gains access to a system, they can then perform various tasks. The hacker can download, compile, and execute a log cleaning script in order to hide their tracks. They also can download a customized root-kit based on Boxer version 0.99 beta 3. Finally, the attacker searches for files containing credit card related phrases such as cvc, cvv, and authorize.
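The login pattern described above (password-based SSH access with no password failures) can be looked for in sshd authentication logs. The following is an added example, not code from cPanel or from the original release; the log lines are constructed samples in the common OpenSSH syslog format, and the function name is hypothetical.

```python
import re
from collections import Counter

# Constructed sample sshd log lines (documentation IP ranges), not from a real host.
SAMPLE_LOG = """\
Jan 20 02:58:11 web1 sshd[4101]: Failed password for invalid user test from 198.51.100.7 port 40112 ssh2
Jan 20 02:58:14 web1 sshd[4103]: Failed password for root from 198.51.100.7 port 40120 ssh2
Jan 20 02:58:19 web1 sshd[4107]: Accepted password for root from 198.51.100.7 port 40131 ssh2
Jan 20 03:12:01 web1 sshd[4188]: Accepted password for admin from 203.0.113.5 port 51234 ssh2
Jan 20 03:12:09 web1 sshd[4190]: Accepted publickey for deploy from 192.0.2.10 port 60022 ssh2
Jan 20 03:40:47 web1 sshd[4302]: Accepted password for root from 203.0.113.5 port 51377 ssh2
"""

# Matches sshd "Accepted"/"Failed" authentication events and captures
# the result, the auth method, the user name and the source address.
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\S+) "
    r"for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def clean_password_logins(lines):
    """Return (user, ip) for password logins with no earlier failure from that IP."""
    failures = Counter()          # failed attempts seen so far, per source IP
    flagged = []
    for line in lines:
        m = EVENT.search(line)
        if not m:
            continue              # not an sshd authentication event
        if m["result"] == "Failed":
            failures[m["ip"]] += 1
        elif m["method"] == "password" and failures[m["ip"]] == 0:
            # Password accepted on the first try from this address:
            # consistent with an already-known credential.
            flagged.append((m["user"], m["ip"]))
    return flagged

if __name__ == "__main__":
    for user, ip in clean_password_logins(SAMPLE_LOG.splitlines()):
        print(f"password login without prior failures: {user} from {ip}")
```

Legitimate administrators also log in without failures, so the output is a list to compare against known administrator addresses rather than a verdict.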
cPanel was formed in 1997 and has since become a leading Web Hosting Control Panel Software provider supplying hosting automation tools to numerous data centers and customers around the world. cPanel offers web hosting software that automates the intricate workings of web hosting servers. cPanel products are used on tens of thousands of servers worldwide to equip server administrators with the tools they need to provide top-notch hosting to their customers.
This compromise has been in the media lately and discussions can be found at the following locations:
Linux is a trademark of Linus Torvalds. Apache is a trademark of the Apache Software Foundation. cPanel is a trademark of cPanel, Inc.