  1. #1
    Join Date: Jul 2008
    Location: Northumberland, UK
    Posts: 3,165

    cPanel support compromised.

    Hi

    Looks like one of their servers they utilize in their technical support department has been compromised.

    Just got this email


    From: [email protected]
    Sent: Friday, February 22, 2013 12:48 AM
    To: ***********

    Subject: Important Security Alert (Action Required)


    Salutations,

    You are receiving this email because you have opened a ticket with our support staff in the last 6 months. cPanel, Inc. has discovered that one of the servers we utilize in the technical support department has been compromised. While we do not know if your machine is affected, you should change your root level password if you are not already using ssh keys. If you are using an unprivileged account with "sudo" or "su" for root logins, we recommend you change the account password. Even if you are using ssh keys we still recommend rotating keys on a regular basis.

    As we do not know the exact nature of this compromise we are asking for customers to take immediate action on their own servers. cPanel's security team is continuing to investigate the nature of this security issue.



    --cPanel Security Team
    The Easyhost Media Group
    Niceday Hosting - Affordable Hosting
    The Scamlist - Fighting Against Scammers

  2. #2
    Join Date: May 2009
    Location: Pennsylvania
    Posts: 866

    Re: cPanel support compromised.

    The email that you and I have received is now confirmed, legitimate.

    As explained in that email, you need to update any of your servers' passwords provided to cPanel Technical Support via the ticket system in the past 6 months, right away. This situation is still being investigated; additional information aside from that is not available at this time.

    As soon as there is additional information available, a more formal announcement will be made available to all.


    Thank you.

  3. #3
    Join Date: Jul 2008
    Location: Northumberland, UK
    Posts: 3,165

    Re: cPanel support compromised.

    Yes, already done. Also forced a password change on all clients, as if compromised it could also affect other clients on the server.

  4. #4
    Join Date: Aug 2007
    Location: UK
    Posts: 969

    Re: cPanel support compromised.

    Do we know exactly when the compromise occurred?
    Cheers, Phil

  5. #5
    Join Date: Jul 2008
    Location: Northumberland, UK
    Posts: 3,165

    Re: cPanel support compromised.

    Quote (originally posted by openmind):
        Do we know exactly when the compromise occurred?

    true

    So far no issues with my server, but I like how they just tell you to change your root password. Surely if it has compromised your server then all accounts on the server should also be changing their passwords.

    Also, when did this happen? Was their tech server compromised 6 months ago or 6 days ago? They have decided to keep this part secret.

  6. #6
    Join Date: May 2009
    Location: Pennsylvania
    Posts: 866

    Re: cPanel support compromised.

    Quote (originally posted by openmind):
        Do we know exactly when the compromise occurred?

    This is under investigation at this time. More details will be forthcoming.

    Quote (originally posted by easyhosting):
        true

        So far no issues with my server, but I like how they just tell you to change your root password. Surely if it has compromised your server then all accounts on the server should also be changing their passwords.

        Also, when did this happen? Was their tech server compromised 6 months ago or 6 days ago? They have decided to keep this part secret.

    Stop it, easyhosting. There is nothing being kept secret. Your inflammatory comments do no one here any good.

    Quite frankly, I'm growing tired of needing to post back to you about this sort of comment you like to make, often.

    Stop.

  7. #7
    Join Date: Jul 2008
    Location: Northumberland, UK
    Posts: 3,165

    Re: cPanel support compromised.

    Quote (originally posted by Infopro):
        This is under investigation at this time. More details will be forthcoming.

        Stop it, easyhosting. There is nothing being kept secret. Your inflammatory comments do no one here any good.

        Quite frankly, I'm growing tired of needing to post back to you about this sort of comment you like to make, often.

        Stop.

    So when did the compromise take place? Saying within 6 months could mean 6 months ago or 6 days ago, so it is a valid comment.

  8. #8
    Join Date: Aug 2007
    Location: UK
    Posts: 969

    Re: cPanel support compromised.

    Quote (originally posted by easyhosting):
        So when did the compromise take place? Saying within 6 months could mean 6 months ago or 6 days ago, so it is a valid comment.

    Quote (originally posted by Infopro):
        This is under investigation at this time. More details will be forthcoming.

    Answers the question...
    Cheers, Phil

  9. #9
    Join Date: May 2009
    Location: Pennsylvania
    Posts: 866

    Re: cPanel support compromised.

    You might want to read the message I've posted, and the email you received, again.

    More details will be posted as they are released.

  10. #10
    Join Date: Oct 2006
    Posts: 3,333

    Re: cPanel support compromised.

    If you don't immediately change passwords after *any* third party access you're taking huge chances. Common sense, really. Appreciate the heads up from cPanel, and waiting patiently for more information, if and when that becomes available.

  11. #11
    Join Date: Jan 2007
    Location: The Republic - Texas
    Posts: 280

    Re: cPanel support compromised.

    Quote:
        If you don't immediately change passwords after *any* third party access you're taking huge chances. Common sense, really. Appreciate the heads up from cPanel, and waiting patiently for more information, if and when that becomes available.

    Sounds like common sense to me

  12. #12
    Join Date: Jul 2010
    Location: New York, NY
    Posts: 260

    Re: cPanel support compromised.

    I have to agree with bear here.
    We don't even provide any logins to our vendors unless it:
    A). Is absolutely needed.
    B). Is a temp login.
    C). Is logged and traceable.
    D). Has the ability to lock down not needed permissions.

  13. #13

    Re: cPanel support compromised.

    Hopefully we'll have something soon, thanks for informing us.

    +1 on Bear's post - Anyone not doing that is just asking for problems later on down the line.

    /Subed

  14. #14
    Join Date: Jul 2008
    Location: Northumberland, UK
    Posts: 3,165

    Re: cPanel support compromised.

    News from cPanel

    cPanel, Inc. Announces Additional Internal Security Enhancements

    This is a follow up on the status of the security compromise that cPanel, Inc. experienced on Thursday, February 21, 2013.

    As mentioned in our email sent to cPanel Server Administrators who’ve opened a ticket with us in the past 6 months, on February 21 we discovered that one of the proxy servers we utilize in the technical support department had been compromised. The cPanel Security Team’s investigation into this matter is ongoing.

    We’d like to relay additional details about the intrusion that we have gathered with you, and we want to explain what preventative measures we’re putting in place that will introduce additional layers of security to our new and existing systems, already in place. How the server was accessed and compromised is not clear, but we know a few key facts that we’re sharing.

    Here’s what we know:

    * The proxy machine compromised in this incident was, at the time, utilized to access customer servers by some of our Technical Analysts. Its intent was to provide a layer of security between local & remote workstations and customer servers.

    * This proxy machine was compromised by a malicious third-party by compromising a single workstation used by one of our Technical Analysts.

    * Only a small group of our Technical Analysts uses this particular machine for logins.

    * There is no evidence that any sensitive customer data was exposed and there is no evidence that the actual database was compromised.

    Here’s what we’re doing about it:

    Documentation is now provided at: http://go.cpanel.net/checkyourserver which we encourage system administrators to use to determine the status of their machine.

    We have restructured the process used to access customer servers to significantly reduce the risk of this type of sophisticated attack in the future. We have also been working on implementing multiple changes to our internal support systems and procedures as outlined for your information below.

    * Our system will now generate and provide you with a unique SSH key for each new support ticket submitted.

    * We are providing tools to authorize and de-authorize SSH keys and instructions on how to use them whenever you submit a ticket.

    * Our system will generate a single-use username and password credentials for accessing WebHost Manager that are only valid while our staff is logged into your server.

    * Additional enhancements are also planned behind the scene that should be transparent to our customers.

    With these new layers of security in place, it is now possible for our Technical Analysts to service your support requests without you providing your server’s password for nearly all requests involving machines running our cPanel & WHM product going forward. However, we will still offer the ability to provide your password for server migrations, or in the event you cannot use SSH keys.

    cPanel’s Internal Development Team has been working on an automated solution with the end goal of eliminating the need for our Technical Analysts to view any passwords you provide during the ticket submission process. We are testing this solution right now, and hope to have it fully implemented in the next few days.

    cPanel, Inc. understands your concerns expressed over the last few days, and we very much appreciate the cooperation and patience you have provided us during this time as we work through all of this.

    Thank you.
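
The per-ticket key authorize/de-authorize flow in the cPanel announcement above, and the temporary, traceable vendor login described in post #12, sketched as an added example (not code from cPanel or from any poster): each key is tagged with its ticket, pinned to a source address and given an expiry. The function names, the `support-ticket:` tag and all sample values are assumptions; `expiry-time` needs OpenSSH 7.7 or later.

```shell
#!/bin/sh
# Added example (not cPanel's tooling): per-ticket vendor keys in authorized_keys.
# Function names and the "support-ticket:<id>" comment tag are hypothetical.
TAG="support-ticket:"
bad() { echo "rejected: $1" >&2; }

# authorize_ticket_key FILE TICKET SOURCE_ADDR EXPIRY(YYYYMMDD) "KEYTYPE BASE64"
authorize_ticket_key() {
    file=$1 ticket=$2 src=$3 expiry=$4 ktype="${5%% *}" blob="${5#* }"
    # Allow-list every field so none can smuggle in extra options or lines.
    case $ticket in ''|*[!A-Za-z0-9_-]*) bad "ticket id"; return 2;; esac
    case $src in ''|*[!0-9A-Fa-f.:/]*) bad "source address"; return 2;; esac
    case $expiry in [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) ;; *) bad "expiry"; return 2;; esac
    case $ktype in ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256) ;; *) bad "key type"; return 2;; esac
    case $blob in ''|*[!A-Za-z0-9+/=]*) bad "key data"; return 2;; esac
    touch "$file" && chmod 600 "$file" || return 1
    # One key per ticket: refuse to stack a second key under the same tag.
    if grep -q -- " $TAG$ticket\$" "$file"; then bad "ticket already has a key"; return 3; fi
    # from= pins the vendor's source address; expiry-time= makes the key lapse
    # on its own even if nobody remembers to revoke it.
    printf 'from="%s",expiry-time="%s" %s %s %s%s\n' \
        "$src" "$expiry" "$ktype" "$blob" "$TAG" "$ticket" >> "$file"
}

# deauthorize_ticket_key FILE TICKET: removes only that ticket's key line.
deauthorize_ticket_key() {
    file=$1 ticket=$2
    case $ticket in ''|*[!A-Za-z0-9_-]*) bad "ticket id"; return 2;; esac
    grep -q -- " $TAG$ticket\$" "$file" || return 1     # nothing to revoke
    tmp=$(mktemp "$file.XXXXXX") || return 1            # created with mode 600
    # grep -v exits 1 when no other keys remain; only a real error aborts.
    grep -v -- " $TAG$ticket\$" "$file" > "$tmp" || [ $? -eq 1 ] \
        || { rm -f "$tmp"; return 1; }
    mv -f "$tmp" "$file"                                # replace in one rename
}

# list_ticket_keys FILE: prints the ticket ids that still have a key authorized.
list_ticket_keys() {
    sed -n "s/.* $TAG\([A-Za-z0-9_-]*\)\$/\1/p" "$1"
}
```

sshd records the fingerprint of the key used for each login, so a session in the auth log can be matched to the ticket tag on that key's line.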

  15. #15

    Re: cPanel support compromised.

    It is really great to see they are putting the resources in to improve the security & better assist customers.

    Have these changes already been implemented or?
