Have you done anything to enhance security?

bert

bert

Well-Known Member
Aug 21, 2001
593
0
316
Is the XMB board you guys put on cpanel modified?

I really hope it is and that you are full aware of the security issues with it:
http://www.hackers.com/new/currentnews.php?nid=6
 
bert

bert

Well-Known Member
Aug 21, 2001
593
0
316
I am still waiting for someone from Cpanel to at least let us know if anything has or will be done to enhance security. We don't need features like these. Filling a control panel with crappy scripts creates more of a problem than a convenience.
 
P

patchwork

Well-Known Member
Nov 2, 2001
95
0
316
Maybe they could replace it with phpbb http://sourceforge.net/projects/phpbb/

I have not used it much but it seems like a good free forum system.

Pete
 
A

AbeFroman

BANNED
Feb 16, 2002
644
1
318
customer forum

Does the customers forum come with CPanel? i want to get one!
 
D

dolphyn

Well-Known Member
Nov 27, 2001
72
0
306
cPanel Access Level
Root Administrator
I've looked into this a little more, and it appears to me that the CPanel version of XMB has resolved the issues mentioned in the hackers.com article (though not in the same way as suggested by hackers.com).

The headers.php file begins with [b:6027ab375a]$tempcache = &&;[/b:6027ab375a], which seems to resolve the first issue.

The post.php file includes [b:6027ab375a]if (!is_uploaded_file($attach)){die(&file upload failed&);}[/b:6027ab375a] which seems to resolve the second issue.

HOWEVER, the CPanel installation includes the file [b:6027ab375a]newinstall.php[/b:6027ab375a], which can be easily exploited to delete all of the data, and I suspect this is how my customer's forum was hacked. Anyone using XMB should delete this file.
 
bert

bert

Well-Known Member
Aug 21, 2001
593
0
316
My best recommendation is to remove XMB from the Cpanel skins in use and notify customers who have it that there are serious security risks and recommend their removal. We as hosts have too many duties and responsibilities and it is ridiculous to troubleshoot, work on or improve poorly written software.

I did all of the above and I know I am saving myself a lot of trouble.

My $0.02 ;)
 
A

aventuremedia

Registered
May 7, 2002
2
0
301
Re

Hi, we took over the development in Feb 2002 from the old team.
ALL security issues have been fixed in the new XMB 1.6 Magic Lantern edition, which from what I hear is now available in the latest CPanel.

Richard
Aventure Media
http://www.aventuremedia.com
 
bert

bert

Well-Known Member
Aug 21, 2001
593
0
316
Great! Thanks for letting us know Richard. :)
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
M SOLVED Openssl-1.1.1n : Should we update it manually or will it be done by cpanel soon? Security 15
B What are all activities needs to be done before enabling user access ssh? Security 1
P Hardening my VPS, how can I qualify it's done correctly? Security 5
S cPanel behind hardware firewall (if you've done it, please help?) Security 3
M ModSecurity blocking Firefox Indonesian version Security 4
Similar threads
SOLVED Openssl-1.1.1n : Should we update it manually or will it be done by cpanel soon?
What are all activities needs to be done before enabling user access ssh?
Hardening my VPS, how can I qualify it's done correctly?
cPanel behind hardware firewall (if you've done it, please help?)
ModSecurity blocking Firefox Indonesian version
Top Bottom