Critical Update Notice

[HG_]

Thanks for the quick replies, guys.

Now to go for a full os restore or for the fix? (On second thoughts, maybe not a restore as such, but a 'restore' to a sceure version of cPanel).

One major-league problem is that my DC arent responding to Trouble Tickets, which really doesn't help!

Presumeably, an os restore would then mean a restore of clients sites, etc? Apologies, I'm a bit of a newbie being thrown in at the deep-end.

 

[TAWHosting]

Originally posted by thechronic
Can I do that remotely? Do you know any links that explain how to do this.

your datacenter / server hoster will have to do this for you

 

[TAWHosting]

Originally posted by HG_
Thanks for the quick replies, guys.

Now to go for a full os restore or for the fix? (On second thoughts, maybe not a restore as such, but a 'restore' to a sceure version of cPanel).

One major-league problem is that my DC arent responding to Trouble Tickets, which really doesn't help!

Presumeably, an os restore would then mean a restore of clients sites, etc? Apologies, I'm a bit of a newbie being thrown in at the deep-end.

Os restore is basically a reformat of the system, so make sure what you need was backed up before the server was compromised, dont make a backup now as you risking copying over compromised files.

 

[HG_]

I was assuming as much.

As far as I can tell, the box wasn't compromised until around lunchtime (GMT) yesterday, and I have clients stuff backed up @ aound 4-6 hours before that.

Any sort of os restore and subsequent actions are, however, impossible until the DC replies!!!

 

[myusername]

Originally posted by eos1
I agree with this.

"lack of communication"
cPanel does not offer phone support, then, at least, please email us.
cPanel has all email addesses of cPanel license owners!

I believe cPanel's server was down today for a few minutes. (couldn't access cpanel.net or forums.cpanel.net) Well, looks like only 1 or 2 servers??? no backup servers...!?

Also, please test more servers before releasing any upgrade versions.
So, we don't need to worry about upcp.
http://forums.cpanel.net/showthread.php?s=&threadid=21499

I would venture to guess every one on cPanel forums is not a license owner and likely a few script kiddies who have a few hosts in mind that they would like to mess with. Sending an email blast of how exactly to hack a cpanel box is not a good idea.

 

[Big Gorilla]

Originally posted by myusername
Sending an email blast of how exactly to hack a cpanel box is not a good idea.

They don't have to disclose how to exploit the hack, only that a vulnerability has been found and an update should be done immediately, and possibly even as far as what the vulnerable component is (so users can decide to disable it temporarily if they choose and that's possible).

Besides, "how exactly to hack a cpanel box" was already public in these cases.

 

[BeerUser]

WHM 9.2.0 cPanel 9.2.0-R20
RedHat Enterprise 3 - WHM X v2.1.2

Newly installed server.. do I have to do anything guys?? am I safe???

 

[mydomain]

Originally posted by BeerUser
WHM 9.2.0 cPanel 9.2.0-R20
RedHat Enterprise 3 - WHM X v2.1.2

Newly installed server.. do I have to do anything guys?? am I safe???

Doesnt have any security holes in that version however dont assume you are "safe" just because you have the latest cpanel version - you obviously need to look at firewall/iptables, securing /tmp, and other things to make your server secure - updating cpanel is just one of the links in the chain.