Old 28th February 2013
J65nko
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,128
Hacker break-in at cPanel saw SSH trojans deployed

From http://h-online.com/-1814039

Quote:
Hackers broke into a server at cPanel.net, creators and vendors of the cPanel web hosting control panel for Linux, BSD and Windows servers, and proceeded to install SSH rootkits and compromised OpenSSH packages on customer systems. Once the attack had been discovered, the company initially emailed its customers last week, calling on them to update their administrator passwords.

[snip]

The company doesn't comment on the speculation that it had been a victim of SSH-abusing Linux rootkits. It does say though that administrators should check their systems for one of two SSH-abusing rootkits. One, as reported, involves a trojanised libkeyutils, while another saw compromised OpenSSH binaries with trojan code in sshd, ssh, ssh-keygen and ssh-askpass deployed. The company offers a page http://go.cpanel.net/checkyourserver which includes instructions on how to check for the trojan SSHs.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump

Last edited by J65nko; 2nd March 2013 at 12:11 AM.