09-24-2006, 01:13 PM
Quote:HostGator says hackers compromised its servers using a previously unknown security hole in cPanel, the control panel software that is widely used by hosting providers. "I can tell you with all accuracy that this is definitely due to a cPanel exploit that provides root access and all cPanel servers are affected," said HostGator system administrator Tim Greer. "This issue affects all versions of cPanel, from what I can tell, from years ago to the current releases, including Stable, Release, Current and Edge."
cPanel has just released a fix. "Running /scripts/upcp will fix the vulnerability in all builds," cPanel said in a message on its user forums. "Please note that this is a local exploit which requires access to a cPanel account. ... If you believe you have been exploited through this vulnerability, you are welcome to submit a support request for assistance."
Hackers gained access to HostGator's servers late Thursday and began redirecting customer sites to outside web pages that exploit an unpatched VML security hole in Internet Explorer to infect web surfers with trojans. The existence of the new "0-day" exploit of cPanel leaves a large number of hosting companies vulnerable to similar attacks until they install the patch. The riusk is mitigated somewhat by the fact that it is a local exploit, meaning any attack on a host must be launched from an existing account with cPanel access...
full article: http://news.netcraft.com/archives/2006/0..._hack.html
Quote:Hackers have hijacked a large number of sites at web hosting firm HostGator and are seeking to plant trojans on computers of unwitting visitors to customer sites. HostGator customers report that attackers are redirecting their sites to outside web pages that use the unpatched VML exploit in Internet Explorer to install trojans on computers of users. Site owners said iframe code inserted into their web pages was redirecting users to the malware-laden pages.
UPDATE: HostGator says its servers were attacked through a previously unknown security hole in cPanel. See our update for the latest details.
HostGator general manager Jason Muni told Security Fix that attackers had "reconfigured an unknown number of Web sites hosted on the company's servers to redirect visitors to a third-party Web site that tried to load the IE exploit." Muni said the company reconfigured all of its 200 servers to address the problem. But as of 5:30 pm EST Friday, some HostGator customers were continuing to report that their sites were compromised and redirecting visitors, indicating the problems were ongoing....
full article: http://news.netcraft.com/archives/2006/0...ploit.html