[CentOS] Server Hacked: Cpanel

Drew Weaver drew.weaver at thenap.com
Wed Aug 9 16:27:26 UTC 2006


Hm, we have mixed results with security regarding cPanel and CentOS (or any distribution really). It seems like anytime there are forums involved, an insecure /tmp directory, or the default cPanel services all left enabled, you're headed for trouble.

 

That's just my opinion.

 

-Drew

 

 

________________________________

From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf Of Karl Balsmeier
Sent: Wednesday, August 09, 2006 12:08 PM
To: CentOS at centos.org
Subject: [CentOS] Server Hacked: Cpanel

 

Hi, 

 

I have servers of mixed OS, some Centos, some Fedora, and after the flame war that erupted last week (where I said basically nothing and just watched), my server was hacked by this team of hackers, actually their friend:

 

http://www.sibersavascilar.com/

 

This made Karanbir's statements about mixing Cpanel and Centos (and maybe any Linux distro) come true very quickly.  If one of the top package maintainers says this, it bears weight.

 

I'd like to know more about this subject, specifically on the package front, for security's sake.

 

Karanbir, can you restate the issues with Cpanel please?  They are trying to recommend CentOS as the OS to install on, and even that Linux Journal article did -and before anyone else wastes their time, -let's get everything out in the open so that there's a pipermail archive trail for future folks 'googling' for info later on pros/cons of using, or avoiding use of, non-complementary projects/technologies.

 

Is the issue that both parties maintain separate packaging/updating regimes and have little or no successful communication as far as keeping things secure and up to date?

 

That seemed to be what you said, -and if I had the old email, I'd just run with its advice.

 

Also, can you list the IRC channels you mentioned last time that contain the various hackers bragging about freshly broken Cpanel/Centos builds?  Freenode right?  Any others?  I've been on IRC back when BITNET was still active and there wasn't even mosaic yet, but have always avoided it after 1992 because of hackers 'sniffing for future targets'.

 

William, Jim, Johnny, -any comments are truly welcome, -anyone really.  Basically I'd like to help stop or curtail the 'open season' this set of circumstances is creating for hackers, -I have already decided to avoid Cpanel on Centos as it is, -my server that was hacked with Cpanel was not a Centos box, and those that have it, have been shut down.

 

The server next to it was *also* hacked, and that *was* a centos machine, with only a yum update from 3 days prior.  Is it really recommended that I run yum update every night then?  It was stunning to have a box up for 3 days and then get owned so fast.

 

Luckily this was for my personal business entity, and not my full-time job, which indeed does run 50-70 Centos servers behind layers of firewalls and other protections, and *no* commercial products, only centos packages by Dag or Karanbir.

 

To anyone in the mood for scolding, please hold off OK?  I'm not in the mood for overbearing attitudes right now.  I'm trying to run a business and seek solid answers.  I see Centos as a reliable alternative to commercial offerings *if* you pay careful attention to what the senior staff and relevant discussion groups advise.

 

As for the team of hackers, if anyone knows who this is, or can point out who they might be or how to ban them, -that is also most welcome.

 

Hacked By Crackers_Child

For Peace

DONT WAR !

Greetz : X_Alperen_X, XTech Inc , Metlak, Root_Mor,Dr Hacker, Dr.Jr7 ,Dr,Dermann,Code_Power,CukurOvalı

ALL My Friends

And All SiberSavascilar.Com Members !

  
