Wizard Posted November 27, 2010 Share Posted November 27, 2010 No surprise there. Heliohost has gotten hacked before by djbob's pals. The only reason that Heliohost is running CPanel is that everyone is so used to it that they must have it. However, it has caused many security problems before. That was for seeing whether or not we could allow accounts shell access. Those vulnerabilities aren't in the current config AFAIK. Link to comment Share on other sites More sharing options...
Ashoat Posted November 27, 2010 Share Posted November 27, 2010 Yeah... those guys found a forkbomb vulnerability, but I've since patched it. Link to comment Share on other sites More sharing options...
madvic Posted November 27, 2010 Share Posted November 27, 2010 cPanel said in a message on its user forums: "This has been confirmed and patched. Running /scripts/upcp will fix the vulnerability in all builds. Please note that this is a local exploit which requires access to a cPanel account. Please send information such as this to security@cpanel.net to make us aware. The first communication we received was at 2:15pm CST. If you believe you have been exploited through this vulnerability, you are welcome to submit a support request for assistance. (https://tickets.cpanel.net/submit/index.cgi?reqtype=tickets)" Link to comment Share on other sites More sharing options...
Ashoat Posted November 29, 2010 Share Posted November 29, 2010 We run /scripts/upcp daily. Link to comment Share on other sites More sharing options...
Recommended Posts