[mdlug] CMS opinions + Possible Vector of recent "haxored" Linux/Apache Servers
Jesse J. Salens
jjsalens at typotech.net
Fri Jan 25 18:15:34 EST 2008
> I just had a thought... This system they are using appears to be a common
> webhosting configuration tool. Is it possible that the compromised Linux
> servers ( <http://www.linux.com/feature/125548> ) could be running this same
> webhosting configuration package?
>
> The last I read, it seems that the most logical explanation has been the
> cracking of root accounts.
>
Off-Topic, but...
There are claims that not only cPanel (the configuration tool) has been hit, but
other webhost interfaces as well. Of course, there's not much in the way of
details from anyone so it's somewhat difficult to know anyone else's actual
configuration.
The word on the street is that most of the servers have allowed root login
over SSH. The attackers are doing a good job of cleaning up after themselves,
not leaving much in the way of logs.
We've (totalchoice) not had any compromised systems due to this.
end off-topicness.
----
Jesse J. Salens