28th February 2013
Hacker break-in at cPanel saw SSH trojans deployed
From http://h-online.com/-1814039
Quote:
Hackers broke into a server at cPanel.net, creators and vendors of the cPanel web hosting control panel for Linux, BSD and Windows servers, and proceeded to install SSH rootkits and compromised OpenSSH packages on customer systems. Once the attack had been discovered, the company initially emailed its customers last week, calling on them to update their administrator passwords.
[snip]
The company doesn't comment on the speculation that it had been a victim of SSH-abusing Linux rootkits. It does say, though, that administrators should check their systems for one of two SSH-abusing rootkits. One, as reported, involves a trojanised libkeyutils, while another saw compromised OpenSSH binaries with trojan code in sshd, ssh, ssh-keygen and ssh-askpass deployed. The company offers a page, http://go.cpanel.net/checkyourserver, which includes instructions on how to check for the trojan SSHs.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Last edited by J65nko; 2nd March 2013 at 12:11 AM.