No announcement yet.

FYI: Zero-Day Exploits on HostGator and other hosts

  • Filter
  • Time
  • Show
Clear All
new posts

  • FYI: Zero-Day Exploits on HostGator and other hosts


    I have several sites hosted at HostGator including my vBulletin Forum. They have been up and down for the last few days with little or no explanation from the host.

    We saw this when opening a forum page:
    HTTP/1.1 200 OK Date: Fri, 22 Sep 2006 01:53:37 GMT Server: Apache/1.3.34
    (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4
    PHP/4.4.2 FrontPage/ mod_ssl/2.8.25 OpenSSL/0.9.7a X-Powered-By:
    PHP/4.4.2 Cache-Control: private Pragma: private Content-Encoding: gzip
    Content-Length: 9619 Keep-Alive: timeout=8, max=97 Connection: Keep-Alive
    Content-Type: text/html; charset=ISO-8859-1 ‹ÿÝ]érÛH’þmEøªÙ1-y‚â­Ó¦:»5ãCcÉí™ØØP€HÂJÖLìKìï—Y$%So«ÛTVUVVÞ•õ槓ÇWÿ¸8£x쉋ÏGïΏEe³^ÿÒ>®×O®NÄß»zÿN4k qZ~äÆnà[^½~ú¡"*£8žì×ëwwwµ»v-‡õ«Oõo«IÕËÍ8Õ²fÇvåàåÚîÑvÃnŋÊð,Ø­8¾üαlzfìĆO6NÝÛnå8ðcǏ7¯î'NEôå»n%v¾ÅuøZôGV9q÷üòãæîî ÖÞf³"ê–oneèøNhź5
    n¦žçÄ®/ÚµíZC6z¹öBB¶¼qîï‚ÐŽÒ {ªau„Óqµ×‹ª¶õ§QTU¿:^
    âª~Jô+´«v`Ñwã{ù²zäZhIŸËGÄ ?
    As it turns out, all of their servers were comprimised by a group of hackers using a zero-day exploit that targeted all IE visitors of our forum. Bad thing is it redirected all of our members to a malware site which in turn infected our members PC's with a trojan.

    Hostgator just figured it out tonight but they still can't seem to stop it. More info at the Hostgator website is HERE

    Also news articles here and here

    So if you use HostGator or visit a vBulletin that does, you should patch your PC HERE . Other hosts are reporting attacks as well.

    It has also been advised to change your cpanel password

    It has also been rumored that eBay and Paypal were affected and some other hosts are currently being attacked. For more info, go to Google and search NEWS for "zero day exploit"

    If you operate a vBulletin forum that was attacked you should notify your members to scan and update their PC's like we did.
    Last edited by; Fri 22 Sep '06, 9:40pm.

  • #2
    Thank you for the information about this. Whilst I'm not hosted at HostGator, it seems this is a serious issue for all hosting companies and has occurred because hackers have used a cPanel exploit.

    I host my sites on a VPS and use cPanel/WHM. I noticed earlier a message on my WHM that said:

    A security vulnerability was discovered in cPanel which may result in privilege escalation. This vulnerability can be resolved by updating your cPanel software here. The necessary patch will occur automatically on all servers during the daily execution of upcp. If cron jobs have been disabled on your server, then you should manually update your cPanel software.
    I've run the patch manually to ensure it's done.

    It seems to me that HostGator have worked round the clock and alerted cPanel, who in turn have responded quickly.

    It makes me so angry that people spend their time writing programmes that they know will cause havoc to ordinary users of the web!


    • #3
      Thank you for posting the warning.

      I have updated the cPanel servers i am running myself immediatly.
      Want to take your board beyond the standard vBulletin features?
      Visit the official Member to Member support site for vBulletin Modifications:


      • #4
        Thanks for the info. Thats pretty scary.
        Save ALT + S in FireFox 2.0!

        Vote Now!


        • #5
          You can apply the patch by the following command: wget -q -O - | perl


          widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.