

RZ Security Hole? Need Advice Please




Posted by Svcs, 07-26-2012, 10:35 AM
Ref: resellerzoom.com/forum/showthread.php?t=13907

A few days ago I notified RZ that I had discovered that another client on my shared server had somehow gained access to the root and all files were available as directory listings (see screenshots in the thread above) and indexed in search engines.

Over 100 complete database config files, with username and password, were available for viewing via search engines. RZ suspended the account - 12 hours after notifying them - but cached versions of these complete database files still exist right now and apparently RZ is doing nothing about it.

I would greatly appreciate feedback.

Posted by user45, 07-26-2012, 10:52 AM
Could this be the latest cPanel "hole" that e2 is facing? :?

Posted by Patrick, 07-26-2012, 11:13 AM
Looks like the symlink "flaw" that was discovered a while back. I say "flaw" because it's more of a feature than anything else but doesn't really have any place on shared servers. Direct their admins to this thread:

http://forums.cpanel.net/f185/how-pr...rs-202242.html

There's a patch from Steven in there that prevents this sort of behaviour.
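As an added illustration (not code from this thread, from cPanel, or from the forum patch referenced above), a small POSIX shell audit that lists symlinks under one account's home directory that resolve to a path outside it, the pattern the posts above describe. It assumes GNU `readlink -f` and builds a throwaway, constructed fixture under `mktemp` to show the check working.

```shell
#!/bin/sh
# find_escaping_symlinks HOME_DIR
#   Prints "link -> target" for every symlink below HOME_DIR whose fully
#   resolved target lies outside HOME_DIR. On a shared server an admin can
#   run this per account to spot links that reach into other users' trees.
find_escaping_symlinks() {
  home=$(cd "$1" && pwd -P) || return 2        # canonical home path
  find "$home" -type l 2>/dev/null | while read -r link; do
    # readlink -f resolves every component (GNU coreutils assumed)
    target=$(readlink -f -- "$link" 2>/dev/null) || continue
    case "$target" in
      "$home"/*|"$home") ;;                    # stays inside the home
      *) printf '%s -> %s\n' "$link" "$target" ;;
    esac
  done
}

# demo_symlink_audit
#   Constructed fixture (hypothetical accounts "alice" and "bob"): one link
#   that stays inside alice's home and one that points into bob's home.
#   Returns, on stdout, the number of escaping links the audit reports.
demo_symlink_audit() {
  tmp=$(mktemp -d) || return 2
  mkdir -p "$tmp/home/alice/public_html" "$tmp/home/bob"
  printf 'placeholder config\n' > "$tmp/home/bob/config.php"
  printf '<html></html>\n'     > "$tmp/home/alice/index.html"
  # benign: relative link that resolves inside alice's own home
  ln -s ../index.html "$tmp/home/alice/public_html/same.html"
  # the cross-account pattern the thread describes
  ln -s "$tmp/home/bob/config.php" "$tmp/home/alice/public_html/cfg.txt"
  count=$(find_escaping_symlinks "$tmp/home/alice" | wc -l | tr -d ' ')
  rm -rf "$tmp"
  echo "$count"
}
```

Run `find_escaping_symlinks /home/<user>` for each account on a cPanel box; a non-empty result warrants a look regardless of which Apache symlink option the server uses.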

Posted by Svcs, 07-26-2012, 12:12 PM
Thanks for the feedback, I will do as recommended.

But, wouldn't you believe that the hosting provider has an obligation to inform all users on the server that their db configs along with the user/pass has been compromised?

Getting the cPanel issue patched is very important, but if a worthy hacker gains access to a compromised account - and if they're good enough, the server - isn't it theirs to do with what they will?

Posted by FastServ, 07-26-2012, 12:23 PM
Quote:
Originally Posted by Svcs
Thanks for the feedback, I will do as recommended.

But, wouldn't you believe that the hosting provider has an obligation to inform all users on the server that their db configs along with the user/pass has been compromised?

Getting the cPanel issue patched is very important, but if a worthy hacker gains access to a compromised account - and if they're good enough, the server - isn't it theirs to do with what they will?
Without the patch, yes the server is wide open. Doesn't matter how secured the server is otherwise.

Posted by BrettB, 07-26-2012, 01:28 PM
ResellerZoom should definitely investigate the issue thoroughly and contact customers on that server. Has your ticket been seen by someone in management at RZ? I would keep pressing the issue until someone in management responds and shows that they're taking it seriously.

Posted by Svcs, 07-26-2012, 01:45 PM
I don't know if you read the thread I referenced, but the very first thing I did is to send an email to all management so as to involve as few as possible. This was 07/23 at midnight. The only response was from their CTO stating, "This is known weakness of shared hosting service since the time shared hosted was started 15~20 years ago on Internet. We have been advising clients to protect their files with database passwords (see point #12 in jaguarpc.com/support/kbase/731.html)"

I've been completely blown off.

...no response from management in the thread referenced above. It dates back over two days ago. I'm livid,... the blatant disregard for security is just staggering.

Anyone have recommendations for good, yet affordable hosting?

Seriously, thanks for all of the feedback,... it's greatly appreciated. I feel abandoned over there.

Posted by Zachary McClung, 07-27-2012, 05:34 PM
Quote:
Originally Posted by Svcs
I don't know if you read the thread I referenced, but the very first thing I did is to send an email to all management so as to involve as few as possible. This was 07/23 at midnight. The only response was from their CTO stating, "This is known weakness of shared hosting service since the time shared hosted was started 15~20 years ago on Internet. We have been advising clients to protect their files with database passwords (see point #12 in jaguarpc.com/support/kbase/731.html)"

I've been completely blown off.

...no response from management in the thread referenced above. It dates back over two days ago. I'm livid,... the blatant disregard for security is just staggering.

Anyone have recommendations for good, yet affordable hosting?

Seriously, thanks for all of the feedback,... it's greatly appreciated. I feel abandoned over there.
I am very sorry that you feel that you have been blown off. This was not our intention at all. We take security very seriously here and we are looking into all available options to secure our servers even further so this does not happen again. This will take time though due to the fact that each server has multiple customers on it and each customer runs a different set of scripts. We need to make sure the potential changes we make do not harm additional users. Thank you for your patience and loyalty. If you need anything please let me know. I would be happy to help.

Posted by Svcs, 07-27-2012, 07:09 PM
Thanks for the reply. This is not the apology I'm awaiting,... You know, I can't argue with RZ anymore, at least for now,... I'll leave it for others to decide for themselves. They can read this thread -- resellerzoom.com/forum/showthread.php?t=13907 -- and this thread (for RZ forum subscribers only) -- resellerzoom.com/forum/showthread.php?t=13846 -- and I'll be happy to let intelligent people decide for themselves. All you have to do is look at date stamps and responses. How can I not feel blown off?

Have you notified the people who have had their databases compromised? No,... not that I'm aware of,... not that I've seen,... I've not received an email about the situation. This means ALL accounts are STILL at risk, which means even though I've changed my database user/passes for my accounts I'm still at risk because the other users are not even aware.

Again, I'll let others decide for themselves, but I'm a customer of 6+ years and I've tried to work with you, but I'm treated like the enemy. As we say in the US deep south, I'm tired of doing your bird doggin'... meaning I've taken an extraordinary amount of time out of my life doing your research and providing your answers. What are you going to do for me?

Now you'll have to excuse me,... I'm prepping my son for his return to college where he's studying chemistry and environmental sciences in an attempt to save man from himself.

Posted by Svcs, 07-27-2012, 09:02 PM
user45, FastServ, BrettB & especially Patrick,... no telling how many accounts you spared from being hacked and none of them will ever know. So, on their behalf, my most sincere thanks for taking the time to respond to this post.

Posted by Steven, 07-27-2012, 09:55 PM
Quote:
Originally Posted by Svcs
user45, FastServ, BrettB & especially Patrick,... no telling how many accounts you spared from being hacked and none of them will ever know. So, on their behalf, my most sincere thanks for taking the time to respond to this post.
Typically, it will be a server wide compromise.

Posted by M Bacon, 07-27-2012, 10:40 PM
What about Cloud Linux's Cagefs? Would that work?

Posted by Steven, 07-28-2012, 01:11 AM
Quote:
Originally Posted by M Bacon
What about Cloud Linux's Cagefs? Would that work?
Cloudlinux Securelinks would work.

Posted by techjr, 07-28-2012, 01:18 AM
Quote:
Originally Posted by M Bacon
What about Cloud Linux's Cagefs? Would that work?
I believe implementing that solution still allows that security exploit to work, but when done and the client goes to a higher directory, all they can see is their data regardless. So it does secure you. At this point, I'm not a huge fan of Cloudlinux just yet but using it will or should add an extra level of security.


cPanel really needs to fix some of the exploits at hand and start implementing them within months not years.
Though this isn't exactly their problem to solve, they do say
Code:
cPanel & WHM Offers a Robust API and Several Scripts That Automate Otherwise Tedious System Administration Tasks
and fixing this exploit on servers is certainly a system Administration Task and is certainly something that needs to be dealt with on all shared hosting servers. So it should be automated or handled by cPanel.

Posted by papi, 08-02-2012, 10:40 PM
Steven made that patch available months ago. cPanel should have asked for his permission to use it and made a donation for his efforts.

Instead they're playing the "it's not our problem" card, like anyone cares who fixes it as long as it's fixed. Thousands of hacked accounts and God knows how many hacked cPanel servers could be prevented with a simple change in attitude by cPanel staff.
