cPanel flaw used for malware redirects
According to Netcraft, HostGator’s servers were compromised due to a 0-day cPanel exploit. Iframes redirected to a site serving up VML exploits to unlucky surfers.
HostGator says they’ve fixed it, and there’s a fix on cPanel’s website. But any web host that hasn’t fixed cPanel, and has an account under the control of a bad guy with the exploit, is a sitting duck.
November 18th, 2006 at 8:48 pm
Hello,
You seem to know something about cPanel. I don’t know why but I keep getting this cPanel pop up when I access my blog page. Is there a problem? It’s really irritating. Can I get rid of this?
Thanks so much.
Davyd
January 22nd, 2007 at 2:59 pm
Hi SpamHuntress!
I keep getting spam like below.
Abuse@nswebhost.com refuses to do anything about it without actual IP logs from wordpress, which I don’t have access to.
Is there anything I can do?!
They come from that same IP. Every time. For weeks. They won’t stop. How can I stop them?!
———- Forwarded message ———-
From: support@wordpress.com
Date: Jan 22, 2007 3:43 PM
Subject: [Clint’s blog] Please moderate: “Best Subject for a Spam Email.”
To: Clint@acm.vt.edu
A new comment on the post #23 “Best Subject for a Spam Email.” is waiting for your approval
http://clintjcl.wordpress.com/2004/12/27/best-subject-for-a-spam-email/
Author : rachael (IP: 66.246.252.42 , saratoga.nswebhost.com )
E-mail : rachaelwatson@yahoo.com
URL : h*tp://www-home-mart.info
Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=66.246.252.42
Comment:
i love new york!
January 23rd, 2007 at 11:23 am
@ClintJCL - Ask your ISP to provide these log files for you. Try to put an .htaccess file on your blog. Ask your ISP to block them etc…
April 26th, 2007 at 12:50 pm
Lemat - that approach won’t work. These spams are not going through my ISP. Nor is my blog self-hosted; it’s wordpress (hover over my name to see that). So, my ISP has zero to do with it. So there are no logs that can be provided by them. Hence, I have no idea.
It finally stopped, however.