  1. #1171
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,249
    Quote Originally Posted by ThreadHo View Post
    Possible related ? just released
    Moderate: openssh security, bug fix and enhancement update

    https://rhn.redhat.com/errata/RHSA-2013-0519.html
    CentOS 6 only.
    Steven Ciaburri | Proactive Linux Server Management - Rack911.com
    System Administration Extraordinaire | Follow us on twitter:@Rack911Labs
    Managed Servers (AS62710), Server Management, and Security Auditing.
    www.HostingSecList.com - Security notices for the hosting community.

  2. #1172
    Join Date
    Feb 2013
    Location
    /dev/null aka Ohio
    Posts
    61
    Thanks for the clarification on the Cent6 only ...
    Also - for the DR Web.

    Dr Web found a few things that the other scans did not...
    nothing big I hope...
    but those are offline @ least now.

  3. #1173
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,249
    What did it find? Please send me what you find.

  4. #1174
    Join Date
    Aug 2004
    Posts
    136

  5. #1175
    Join Date
    Mar 2012
    Location
    Tampa, FL =)
    Posts
    1,748
    Finally some big guys are noticing this.

  6. #1176
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,249
    Quote Originally Posted by TravisT-[SSS] View Post
    Finally some big guys are noticing this.
    They have server details too.

  7. #1177
    Join Date
    Apr 2012
    Location
    United Kingdom
    Posts
    39
    Edit: nevermind, my bad.

  8. #1178
    Join Date
    Aug 2003
    Posts
    2,067
    I am not sure if I follow this correctly. He mentioned in the beginning of the article that it hooks into md5 init, update and final, but then in the end he suggests the MD5 checksums are important. How can md5 checksums calculated on the system (to verify against original installation) be trusted, if the MD5 functions are compromised?

  9. #1179
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,249
    Ok.

    We have all been so worried about the sshd aspect of this.
    But we forgot to take a look at 'ssh'... this little lonely binary used to initiate ssh connections with other servers.

    Well...

    You go and log in to another server using an infected machine (which you may not know is infected).

    Guess what happens, our well known friend here:

    5297 connect(4, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("72.156.139.154")}, 16) = 0
    shows up again, sending your other server's login details out.

    So really all you need is 1 compromised server, to have multiple.. if you use your server to login to other servers.

    They are in memory too.

    ---

    With that said.. change all passwords to your servers even if they are not 'infected' if you may have used an infected machine to login to another server.
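A check for the behaviour described in the post above, as an added example that is not part of the original thread: it reads `strace -f` output from an `ssh` client run and reports every `connect()` to port 53 whose destination is not a nameserver listed in `/etc/resolv.conf`. The function names are hypothetical, and all sample lines except the one quoted in the post are constructed.

```python
import ipaddress
import re

# strace prints IPv4 peers as inet_addr("...") and IPv6 peers as
# inet_pton(AF_INET6, "...", ...); with -f the PID may appear as "[pid N]".
CONNECT_RE = re.compile(
    r'^(?:\[pid\s+)?(?P<pid>\d+)\]?\s+connect\(\d+,\s*\{sa_family=AF_INET6?,\s*'
    r'sin6?_port=htons\((?P<port>\d+)\),.*?'
    r'(?:inet_addr\(|inet_pton\(AF_INET6,\s*)"(?P<addr>[^"]+)"'
)

def resolvers_from(resolv_conf_text):
    """Return the set of nameserver addresses listed in resolv.conf text."""
    found = set()
    for line in resolv_conf_text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            found.add(ipaddress.ip_address(parts[1]))
    return found

def unexpected_dns_connects(strace_lines, allowed):
    """Return (pid, address) for each connect() to port 53 outside `allowed`."""
    hits = []
    for line in strace_lines:
        m = CONNECT_RE.match(line.strip())
        if not m or int(m.group("port")) != 53:
            continue  # not an IP connect(), or not a DNS-port destination
        dest = ipaddress.ip_address(m.group("addr"))
        if dest not in allowed:
            hits.append((int(m.group("pid")), str(dest)))
    return hits

# Constructed sample input; only the 72.156.139.154 line is quoted from the post.
SAMPLE_RESOLV_CONF = "search example.net\nnameserver 192.0.2.53\nnameserver 2001:db8::53\n"
SAMPLE_STRACE = [
    '5297 connect(3, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.0.2.53")}, 16) = 0',
    '5297 connect(4, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("72.156.139.154")}, 16) = 0',
    '5297 connect(3, {sa_family=AF_INET, sin_port=htons(22), sin_addr=inet_addr("198.51.100.7")}, 16) = 0',
    '5297 connect(5, {sa_family=AF_INET6, sin6_port=htons(53), inet_pton(AF_INET6, "2001:db8::53", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = 0',
]

if __name__ == "__main__":
    allowed = resolvers_from(SAMPLE_RESOLV_CONF)
    for pid, addr in unexpected_dns_connects(SAMPLE_STRACE, allowed):
        print(f"pid {pid}: port-53 connect to non-resolver {addr}")
```

A trace in this format can be captured with `strace -f -e trace=connect -o trace.txt ssh <host>` and fed to `unexpected_dns_connects` line by line.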

  10. #1180
    Join Date
    Aug 2004
    Posts
    136
    That's why I was asking if the ssh binary was found modified, because I saw it being patched as part of the hacker's bash history.

  11. #1181
    Join Date
    Nov 2012
    Posts
    71
    Just received this from cPanel:

    You are receiving this email because you have opened a ticket with our support staff in the last 6 months. cPanel, Inc. has discovered that one of the servers we utilize in the technical support department has been compromised. While we do not know if your machine is affected, you should change your root level password if you are not already using ssh keys. If you are using an unprivileged account with "sudo" or "su" for root logins, we recommend you change the account password. Even if you are using ssh keys we still recommend rotating keys on a regular basis.

    As we do not know the exact nature of this compromise we are asking for customers to take immediate action on their own servers. cPanel's security team is continuing to investigate the nature of this security issue.

  12. #1182
    Join Date
    Jul 2006
    Location
    Australia
    Posts
    2,580
    I just received this from cPanel
    (the email looked legit)

    Salutations,

    You are receiving this email because you have opened a ticket with our support staff in the last 6 months. cPanel, Inc. has discovered that one of the servers we utilize in the technical support department has been compromised. While we do not know if your machine is affected, you should change your root level password if you are not already using ssh keys. If you are using an unprivileged account with "sudo" or "su" for root logins, we recommend you change the account password. Even if you are using ssh keys we still recommend rotating keys on a regular basis.

    As we do not know the exact nature of this compromise we are asking for customers to take immediate action on their own servers. cPanel's security team is continuing to investigate the nature of this security issue.



    --cPanel Security Team
    EDIT: Beaten.
    cPanel, CloudLinux, Softaculous ℵ Off Site Backups, Redundant DNS

  13. #1183
    Join Date
    Nov 2010
    Location
    Saskatchewan yep Canada
    Posts
    35

    So what does this all mean?

    I received it as well.
    Is cPanel going to help us all fix this now??
    Many of us have said it may be them many times.


    Quote Originally Posted by brianemwd View Post
    Just received this from cPanel:
    Last edited by weredigital; 02-21-2013 at 08:53 PM. Reason: error

  14. #1184
    Join Date
    Nov 2012
    Posts
    71
    Quote Originally Posted by ThreadHo View Post
    Is cpanel going to help us all fix now??
    Yeah I am pretty pissed off right now.

  15. #1185
    Join Date
    Sep 2004
    Location
    Aveiro - PORTUGAL
    Posts
    68
    And what about servers without cPanel being exploited?

    Maybe they use the same passwords as cPanel servers, with the password saved in the cPanel ticket system?
    Alvaro
