
Cpanel Boycott - Can you really trust your cpanel host?

Dec 27, 2011, 22:40
Post: #1
Cpanel went on for 2 years with a remote root exploit in exim 4.69 (released: 12-27-2007 11:29 AM) that allowed attackers to gain complete control over the servers. Hosts that use cpanel, Hostgator.com and many others. Unlike qmail ([URL="qmail.org"]qmail.org[/URL]) that has a track record of zero security flaws. Along with tinydns that has had one security flaw but not a serious one. It only allowed attackers to crash the daemon then it needed to be restarted.

Why is this so serious? Imagine how many E-Commerce sites are built on top of that platform. If you run a cpanel server inside your network that has access to the outside world, you could now have crackers using that cpanel box as a base to compromise and attack other computers on the network from. The possibility that a massive DDOS attack was on its way the 2012 of the internet? Your whole datacenter turns on you.

("200,000 "web site hosting vendors", all cPanel-based, yet uniquely labeled")

("Here's where: more than 98% of these 200,000+ different web hosting brand names in the world will offer you exactly the same cPanel Control Panel and platform, labeled in a different way, with the same price tags!")

Information taken from - [URL="http://tinyurl.com/79tm5xw"]www.resellerhostingclue.com[/URL]

Any site in the past 3 years that has received your personal information, name, address, telephone, and credit card numbers has more than likely been compromised and "black hat hackers" (the evil doers) have your information at their disposal.

A lot of shared servers. Like hostgator.com, and many more here -

[URL="http://tinyurl.com/86wmw6u"]Google Search[/URL]

This is how easy it was for an attacker to gain complete control over these hosts.

[video]www.youtube.com/watch?v=DnSgOGIxjaQ[/video]

Also cpanel prefers performance over security. None of these services include chkrootkit, rkhunter, obscure installs of tripwire. None of the services use chroot for the daemons. http://en.wikipedia.org/wiki/Chroot

10 other web hosting panel alternatives that are free

[URL="http://tinyurl.com/2cdumzd"]10 free cpanel alternatives[/URL]

ISPConfig is a great alternative that is feature rich and even includes multiple server monitoring and virtual machine monitoring/control. This is put together by the people at howtoforge.com, the only thing they ask is if you can, buy a subscription for 6-USD to their site. Where they give the same support and quality tutorials to everyone for free anyways! There is nothing more genuine than that.

Basically every host I have talked to only say they patched their servers. None of them reinstalled the base then reinstalled cpanel. Knowing Hostgator there is no tripwire and most hosting companies would not take the time to ensure the safety of the data. Mainly because that would cost them money and resources. Moving the accounts, going through all the code of the websites looking for malware and web based shells. Last updates made to the most popular root kit checking software on the market. AVG also has a Linux virus scanner but I am unsure of its capabilities. The Windows version of AVG is rock solid. ( [URL="http://free.avg.com"]http://free.avg.com[/URL] )

Reinstalling the base and then cpanel or an alternative, and finally moving the accounts back to the servers, is the only way to ensure the integrity/safety of the data. This is because chkrootkit and rkhunter only have been trained to find known root kits in common places. This does not include back doors implanted into obscure places. This does not include checking the kernel for mods that enable an attacker to compromise the host.

Last updates to these pieces of software -

2009-30-9 rkhunter

2010-11-17 - chkrootkit



Responses from a couple cpanel hosts:


Hostgator's Responses:

Quote:

Your Chat ID is: 5126762. Your initial question is:: My Domain Name is:"techjunkies.com"

Welcome to GatorChat!

You are being connected to a representative in our Technical Support department right now.

For immediate answers to your questions, check out our knowledge base and video tutorials at http://support.hostgator.com/.

(2:10:55pm) System: Customer has entered chat and is waiting for an agent.

(2:13:15pm) Leslie A.: Welcome to HostGator LiveChat. My name is Leslie. I'd be glad to assist you today with your inquiry.

(2:13:17pm) Leslie A.: Hello, John!

(2:13:19pm) Leslie A.: How may I assist you today?

(2:13:30pm) John Walker: Whats this ?https://www.facebook.com/pages/Boycott-C...7710917547

(2:13:38pm) John Walker: I found it on facebook

(2:15:46pm) Leslie A.: After glancing over the article, I can see that they mention us, but I have no knowledge of this "exploit", and I can assure you we have full security on all our servers.

(2:16:01pm) Leslie A.: This page was made without our knowledge, and I cannot comment directly on the subject.

(2:16:23pm) John Walker: Thank you. Good bye.

Quote:

Your Chat ID is: 5126817. Your initial question is:: My Domain Name is:"Mashable.com"

Welcome to GatorChat!

You are being connected to a representative in our Billing department right now.

For immediate answers to your questions, check out our knowledge base and video tutorials at http://support.hostgator.com/.

(2:21:29pm) System: Customer has entered chat and is waiting for an agent.

(2:23:26pm) Grant C.: Welcome to HostGator Live Chat. My name is Grant, I would be more than happy to assist you today.

(2:23:37pm) John Mayers: Whats this? https://www.facebook.com/pages/Boycott-C...7710917547

(2:24:11pm) Grant C.: Looks like a facebook page for people who dont like cPanel.

(2:24:48pm) John Mayers: It says that all cpanel server where compromised by a security flaw that was in the wild for 2 years before being discovered

(2:24:54pm) John Mayers: servers*

(2:25:23pm) John Mayers: Di you guys patch the servers?

(2:25:38pm) Grant C.: Oh, yes, that was a while ago, we took care of that, John.

(2:25:53pm) John Mayers: So all the server where just patched?

(2:26:13pm) Grant C.: Yes, we ran the cPanel patch over a month ago.

(2:26:34pm) John Mayers: Thanks that makes me feel so much better about the whole issue

(2:26:59pm) Grant C.: I am happy to hear it, John.

(2:27:00pm) Grant C.: Is there anything else I can clear up for you/do for you to bring resolution to this issue?

(2:27:13pm) John Mayers: Nope I was just concerned.

Routehosts Response:
Quote:Hi,
Thanks for the update. We've already installed necessary security patches to avoid such vulnerabilities.

Regards
Support Team
----------------------------------------------
Ticket ID: #546697
Subject: Exim 4.69 major problem
Status: Answered
Ticket URL: http://secure.routhost.com/viewticket.ph...c=BahshgvT
----------------------------------------------

Hurdles pushing this information to the public -
Grub Help mailing list -

Greg implicitly states he knows a person that works at one of the two companies. Then proceeds to call this a scam and me a fraud. Greg and Mark then decided to move the argument off list and proceed to call me a liar after moving the private message he sent me that was vulgar to the public list saying I am a fraud/liar because I changed the reply to the group and not directly to them. I admit I'm not the best but I am not scamming anyone about these issues.

Emails of the conversations and these are also available via the mailing list archives publicly searchable on google.

[URL="http://www.mediafire.com/?j30de481uyj1oac"]email1[/URL]

[URL="http://www.mediafire.com/?x088yxb07j8ow84"]email2[/URL]

[URL="http://www.mediafire.com/?eic2c4byi4zqq1s"]email3[/URL]

Web Hosting Talk -

Then on web hosting talk I started a thread called "Boycott Cpanel". That was shut down after about an hour after mentioning the connections between the site and having hostgator employees as their own content curators. I also mentioned the connections between cpanel and hostgator. I even went as far as I posted a message and link back to the facebook boycott page and my account was then banned. Apparently touching on the sensitive areas of their operations they try to keep quiet upsets them.

[URL="http://tinyurl.com/6ptrwgy"]Webhosting talk thread[/URL]

[URL="http://tinyurl.com/74hl4f4"]PDF[/URL]

To hosting companies -

By using cpanel, you are supporting your competition. Hostgator and cpanel routinely trade employees and a small amount of evidence can be found on linkedin. You can see from the profiles on linkedin. If you're a good admin at cpanel you get sent to hostgator. If you're a good programmer or one of the trusted higher ups with an impeccable background you get sent to cpanel.

Nate Custard
[URL="http://tinyurl.com/738l5m6"]PDF[/URL]
[URL="http://tinyurl.com/7m6spwg"]Linkedin[/URL]

Josh B. -

[URL="http://tinyurl.com/8yaokav"]PDF[/URL]
[URL="http://tinyurl.com/7mfg92y"]Linkedin[/URL]

Chris B. -

PDF copy - [URL="http://tinyurl.com/8ydvcpe"]PDF[/URL]
Linkedin - [URL="http://tinyurl.com/6lhtdku"]Linkedin[/URL]