Note: I thought I posted this yesterday; either I forgot to hit submit or a mod deleted it for some reason. If mods don't want this thread up, let me know.

I have heard this from a reliable source. It was a recent, pretty big site that got hacked; they had a forensic specialist come in and recover the partitions and such. There is like 500 MB of logs and such related to the hack, and I have some info on it. It all started at OpenSSH, not a password login either. The hacker was able to exploit SSH and get in without even showing up as a system user somehow.

As far as getting the exploit and the exact strings used, it was not possible, as it is encrypted SSH traffic. If someone really knows how to decrypt or read that, then I can get you the logs.

Anyway, one of the staff of the site that got hacked had his personal server hacked with the same method; after he upgraded to the latest version of SSH they weren't able to get back in.

So there is definitely an SSH 0day; the current CentOS/RHEL SSH versions are all vulnerable. To be on the safe side I advise everyone to upgrade via source or a newer package if you can find one.

One easy way to do it is using the update script from the DirectAdmin forums: http://directadmin.com/forum/showthread.php?t=22587 It will work on cPanel servers or any other server as well; it is not control panel related. I successfully upgraded mine.

In yum.conf you need to add *SSH* to the excludes so it doesn't get overwritten by yum update.

I guess I would consider this still a rumor as far as public opinion goes, but from what I have seen and heard from various people it is true. It doesn't hurt anything to upgrade, so why not be on the safe side?

If anyone else has any info on this, post it.
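The two housekeeping steps the post recommends (confirm which OpenSSH version is actually installed, and make sure a yum.conf exclude pattern will keep a source-built OpenSSH from being overwritten by yum update) are easy to get subtly wrong, for instance by adding a pattern that does not match the package name. The following is an added example, not code from the post or from the DirectAdmin script it links; it parses `ssh -V` style output into a comparable version number, compares it against a minimum you choose, and checks whether a yum.conf exclude line covers the openssh packages. The sample yum.conf contents and the minimum version are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the forum post): verify the installed OpenSSH
# version and check that yum.conf's exclude= line shields openssh packages.

# openssh_numeric_version "OpenSSH_5.3p1, OpenSSL ..." -> prints "5.3"
# (the numeric part of the banner printed by `ssh -V`, portable suffix dropped)
openssh_numeric_version() {
    printf '%s\n' "$1" | sed -n 's/^OpenSSH_\([0-9][0-9.]*\).*/\1/p'
}

# ssh_version_ge VERSION MIN -> exit 0 if VERSION >= MIN, comparing each
# dotted component numerically (so 5.10 sorts after 5.9, unlike a string compare)
ssh_version_ge() {
    lowest=$(printf '%s\n%s\n' "$2" "$1" | sort -t. -k1,1n -k2,2n -k3,3n | head -n1)
    [ "$lowest" = "$2" ]
}

# yum_excludes_openssh FILE -> exit 0 if some glob on an exclude= line in FILE
# matches the package name openssh-server, else 1. yum accepts several
# space- or comma-separated globs on one exclude= line under [main].
yum_excludes_openssh() {
    grep -E '^[[:space:]]*exclude[[:space:]]*=' "$1" 2>/dev/null |
    sed 's/^[^=]*=//' | tr ' ,' '\n\n' |
    {
        while read -r pat; do
            [ -n "$pat" ] || continue
            # the unquoted $pat is expanded and then used as a case pattern,
            # i.e. the same glob matching yum applies to package names
            case "openssh-server" in
                $pat) exit 0 ;;
            esac
        done
        exit 1
    }
}

# Demo on constructed input: a yum.conf with and without a covering exclude.
conf=$(mktemp)
printf '[main]\nexclude=kernel* openssh*\n' > "$conf"
if yum_excludes_openssh "$conf"; then echo "exclude covers openssh: yes"; fi
printf '[main]\nexclude=kernel*\n' > "$conf"
if ! yum_excludes_openssh "$conf"; then echo "exclude covers openssh: no"; fi
rm -f "$conf"

# Demo of the version check against a placeholder minimum (constructed banner;
# on a real host use: banner=$(ssh -V 2>&1)).
banner="OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013"
have=$(openssh_numeric_version "$banner")
min="5.9"   # placeholder: substitute the release you consider fixed
if ssh_version_ge "$have" "$min"; then
    echo "OpenSSH $have is at least $min"
else
    echo "OpenSSH $have is older than $min: upgrade"
fi
```

The exclude check matches the glob against the real package name rather than just looking for the word "ssh", so a pattern like `*SSH*` (uppercase, as written in the post) would correctly be reported as not covering `openssh-server` on a case-sensitive yum.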