Wizard Posted November 27, 2010 Posted November 27, 2010 No surprise there. Heliohost has gotten hacked before by djbob's pals. The only reason that Heliohost is running CPanel is that everyone is so used to it that they must have it. However, it has caused many security problems before. That was for seeing whether or not we could allow accounts shell access. Those vulnerabilities aren't in the current config AFAIK.
Ashoat Posted November 27, 2010 Posted November 27, 2010 Yeah... those guys found a forkbomb vulnerability, but I've since patched it.
madvic Posted November 27, 2010 Posted November 27, 2010 cPanel said in a message on its user forums: "This has been confirmed and patched. Running /scripts/upcp will fix the vulnerability in all builds. Please note that this is a local exploit which requires access to a cPanel account. Please send information such as this to security@cpanel.net to make us aware. The first communication we received was at 2:15pm CST. If you believe you have been exploited through this vulnerability, you are welcome to submit a support request for assistance. (https://tickets.cpanel.net/submit/index.cgi?reqtype=tickets)"
Recommended Posts