FYI: Zero-Day Exploits on HostGator and other hosts

  • FYI: Zero-Day Exploits on HostGator and other hosts

    (POSTING THIS IN CASE ANYONE ELSE IS GOING THROUGH THIS)

    I have several sites hosted at HostGator including my vBulletin Forum. They have been up and down for the last few days with little or no explanation from the host.

    We saw this when opening a forum page:
    HTTP/1.1 200 OK
    Date: Fri, 22 Sep 2006 01:53:37 GMT
    Server: Apache/1.3.34 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.4.2 FrontPage/5.0.2.2635 mod_ssl/2.8.25 OpenSSL/0.9.7a
    X-Powered-By: PHP/4.4.2
    Cache-Control: private
    Pragma: private
    Content-Encoding: gzip
    Content-Length: 9619
    Keep-Alive: timeout=8, max=97
    Connection: Keep-Alive
    Content-Type: text/html; charset=ISO-8859-1

    [garbled binary characters: the gzip-compressed page body displayed as text]
    As it turns out, all of their servers were compromised by a group of hackers using a zero-day exploit that targeted all IE visitors of our forum. Bad thing is it redirected all of our members to a malware site which in turn infected our members' PCs with a trojan.

    Hostgator just figured it out tonight but they still can't seem to stop it. More info at the Hostgator website is HERE

    Also news articles here and here

    So if you use HostGator or visit a vBulletin that does, you should patch your PC HERE. Other hosts are reporting attacks as well.

    It has also been advised to change your cPanel password.

    It has also been rumored that eBay and Paypal were affected and some other hosts are currently being attacked. For more info, go to Google and search NEWS for "zero day exploit"

    If you operate a vBulletin forum that was attacked you should notify your members to scan and update their PCs like we did.
    Last edited by dodgeboard.com; Fri 22nd Sep '06, 9:40pm.
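
The symptom shown in the first post (a complete HTTP response, headers plus gzip body, appearing inside a forum page) can be checked for mechanically by a site monitor. This is an added example, not code from the thread; the function name, return fields and sample response are constructed for illustration.

```python
import gzip
import re
import zlib

# A status line plus at least one header line and a blank line, found inside a page body.
EMBEDDED_RE = re.compile(
    rb"HTTP/1\.[01] \d{3} [^\r\n]*\r?\n(?:[A-Za-z0-9-]+: ?[^\r\n]*\r?\n)+\r?\n"
)

def find_embedded_response(body: bytes):
    """Return details of an HTTP response embedded in a page body, or None."""
    m = EMBEDDED_RE.search(body)
    if m is None:
        return None
    lines = m.group(0).decode("latin-1").splitlines()
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    payload = body[m.end():]
    is_gzip = payload[:2] == b"\x1f\x8b"  # gzip magic bytes
    inner = None
    if is_gzip and headers.get("content-encoding") == "gzip":
        try:
            # wbits=31 reads the gzip wrapper and stops at the end of the
            # stream, so trailing page content does not cause an error.
            inner = zlib.decompressobj(wbits=31).decompress(payload)
        except zlib.error:
            inner = None  # corrupt stream; the leak is still reported
    return {
        "offset": m.start(),
        "status": lines[0],
        "server": headers.get("server"),
        "gzip_body": is_gzip,
        "inner": inner,  # recovered inner page, for offline review
    }

# Constructed sample: a response like the one quoted above, embedded in a body.
INNER_PAGE = b"<html><body>forum index</body></html>"
SAMPLE = (
    b"HTTP/1.1 200 OK\r\nServer: Apache/1.3.34 (Unix)\r\n"
    b"Content-Encoding: gzip\r\n"
    b"Content-Type: text/html; charset=ISO-8859-1\r\n\r\n"
    + gzip.compress(INNER_PAGE)
)

if __name__ == "__main__":
    print(find_embedded_response(SAMPLE))
```

A non-None result on a page that normally returns plain HTML is a reason to take the site offline and contact the host.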

  • #2
    Thank you for the information about this. Whilst I'm not hosted at HostGator, it seems this is a serious issue for all hosting companies and has occurred because hackers have used a cPanel exploit.

    I host my sites on a VPS and use cPanel/WHM. I noticed earlier a message on my WHM that said:

    A security vulnerability was discovered in cPanel which may result in privilege escalation. This vulnerability can be resolved by updating your cPanel software here. The necessary patch will occur automatically on all servers during the daily execution of upcp. If cron jobs have been disabled on your server, then you should manually update your cPanel software.
    I've run the patch manually to ensure it's done.

    It seems to me that HostGator have worked round the clock and alerted cPanel, who in turn have responded quickly.

    It makes me so angry that people spend their time writing programmes that they know will cause havoc to ordinary users of the web!


    • #3
      Thank you for posting the warning.

      I have updated the cPanel servers I am running myself immediately.
      Want to take your board beyond the standard vBulletin features?
      Visit the official Member to Member support site for vBulletin Modifications: www.vbulletin.org


      • #4
        Thanks for the info. That's pretty scary.
        Save ALT + S in FireFox 2.0!

        Vote Now!


        • #5
          You can apply the patch by the following command: wget -q -O - http://layer1.cpanel.net/installer/sec092506.pl | perl
          ...
