HostOnNet.com Forum Index HostOnNet.com
Private Label Reseller Plan
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

cPanel Reset Password Vulnerability

 
Post new topic   Reply to topic    HostOnNet.com Forum Index -> Linux Server
View previous topic :: View next topic  
Author Message
Annie
Site Admin


Joined: 19 Jun 2005
Posts: 23
PostPosted: Thu Feb 02, 2006 6:58 am    Post subject: cPanel Reset Password Vulnerability Reply with quote
A new 'backdoor' was found in cPanel that would allow malicious users to reboot your server, delete files, and gain unauthorized access. Basically you NEED to fix this or risk getting 'hacked/attacked'. The security issue resides with cPanels new 'request a password' feature for accounts. You can disable this feature as detailed below, and also fix the file that allows the malicious code to be executed.

Step1

1 Login to WHM as root

2 Click "Tweak Settings"

3 Scroll down to the bottom and UNCHECK

Allow cPanel users to reset their password via email

4 Click Save

Step 2

5 Login to your server via SSH as root.

6 Type: chmod 600 /usr/local/cpanel/base/resetpass.cgi

7 Type: chattr +i /usr/local/cpanel/base/resetpass.cgi
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    HostOnNet.com Forum Index -> Linux Server All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © phpBB Group. Hosted by phpBB.BizHat.com


For Support - http://forums.BizHat.com

Free Web Hosting | Free Forum Hosting | FlashWebHost.com | Image Hosting | Photo Gallery | FreeMarriage.com

Powered by PhpBBweb.com, setup your forum now!