here's the deal, i need some advice on how to proceed or if it's better to find another hosting company...
i have a vds with them.
3 days ago i receive multiple complains that my vds was hacked, and fdcservers support said it was better to perform a reinstall to prevent this from happening, after i perform the backups to me i asked them to reinstall the server ( centos, latest cpanel/whm ).
2 days ago the server was reinstalled, i puted the dns configuration up.
today i received this message from the cpanel of my vds :
"IMPORTANT: Do not ignore this email.This message is to inform you that
the account user has user id 0 (root privs).This could mean that your system
was compromised (OwN3D). To be safe you shouldverify that your system has not
been compromised."
just in case i sent a support ticket asking if there was any problem with my new reinstalled box...
their answer:
" yous this means some one else have root access .Please check your logs to find
out how to they hack in to your box first , then get your system reinstalled
--
Thank you,
FDCservers.net "
witch i promply answer:
"...
i got my system reinstall 2 days ago...then i asked to put the dns up, then i
got this msg, i haven't touched the server yet, and it's already hacked ? "
their support answer was very kindly :
"
if you don't know how to menage your server get a system admin to do so for you.
There is so many updated ....
Here is one that is coming out from cpanel
--------------------------------------------------------------------------
An arbitrary file inclusion vulnerability has been discovered in the Horde
webmail application. At present, we can confirm that this security
vulnerability in question affects Horde 3.1.6 and earlier. Based on
incomplete information at this time, we also believe this affects Horde
Groupware 1.0.4 and earlier as well (cPanel does not use Horde Groupware
at this time).
cPanel customers should update their cPanel and WHM servers immediately to
prevent any chance of compromise. The patch will be available in builds
11.18.2 and greater (or 11.19.2 and greater for EDGE systems). The updated
builds will be available immediately to all fast update servers. The
builds will be available to all other update servers within one hour of
this posting.
To check which version of cPanel and WHM is on your server, simply log
into WebHost Manager (WHM) and look in the top right corner, or execute
the following command from the command line as root:
/usr/local/cpanel/cpanel -V
You can upgrade your server by navigating to 'cPanel' -> 'Upgrade to
Latest Version' in WebHost Manager or by executing the following from the
command line as root:
/scripts/upcp
It is recommended that all use of Horde 3.1.6 and earlier be stopped (on
cPanel and non-cPanel systems alike) until Horde updates can be applied.
You can disable Horde on your cPanel system by unchecking the box next to
'Server Configuration' -> 'Tweak Settings' -> 'Mail' -> 'Horde Webmail'
within WHM, and saving the page with the new settings.
We would like to thank HostGator for providing the initial details in
their report of this vulnerability.
--
Thank you,
FDCservers.net "
i wonder if it's company police to installed a whm/cpanel version that has security holes on a fresh install.
if this would happen to you, what would you do ?
i have a vds with them.
3 days ago i receive multiple complains that my vds was hacked, and fdcservers support said it was better to perform a reinstall to prevent this from happening, after i perform the backups to me i asked them to reinstall the server ( centos, latest cpanel/whm ).
2 days ago the server was reinstalled, i puted the dns configuration up.
today i received this message from the cpanel of my vds :
"IMPORTANT: Do not ignore this email.This message is to inform you that
the account user has user id 0 (root privs).This could mean that your system
was compromised (OwN3D). To be safe you shouldverify that your system has not
been compromised."
just in case i sent a support ticket asking if there was any problem with my new reinstalled box...
their answer:
" yous this means some one else have root access .Please check your logs to find
out how to they hack in to your box first , then get your system reinstalled
--
Thank you,
FDCservers.net "
witch i promply answer:
"...
i got my system reinstall 2 days ago...then i asked to put the dns up, then i
got this msg, i haven't touched the server yet, and it's already hacked ? "
their support answer was very kindly :
"
if you don't know how to menage your server get a system admin to do so for you.
There is so many updated ....
Here is one that is coming out from cpanel
--------------------------------------------------------------------------
An arbitrary file inclusion vulnerability has been discovered in the Horde
webmail application. At present, we can confirm that this security
vulnerability in question affects Horde 3.1.6 and earlier. Based on
incomplete information at this time, we also believe this affects Horde
Groupware 1.0.4 and earlier as well (cPanel does not use Horde Groupware
at this time).
cPanel customers should update their cPanel and WHM servers immediately to
prevent any chance of compromise. The patch will be available in builds
11.18.2 and greater (or 11.19.2 and greater for EDGE systems). The updated
builds will be available immediately to all fast update servers. The
builds will be available to all other update servers within one hour of
this posting.
To check which version of cPanel and WHM is on your server, simply log
into WebHost Manager (WHM) and look in the top right corner, or execute
the following command from the command line as root:
/usr/local/cpanel/cpanel -V
You can upgrade your server by navigating to 'cPanel' -> 'Upgrade to
Latest Version' in WebHost Manager or by executing the following from the
command line as root:
/scripts/upcp
It is recommended that all use of Horde 3.1.6 and earlier be stopped (on
cPanel and non-cPanel systems alike) until Horde updates can be applied.
You can disable Horde on your cPanel system by unchecking the box next to
'Server Configuration' -> 'Tweak Settings' -> 'Mail' -> 'Horde Webmail'
within WHM, and saving the page with the new settings.
We would like to thank HostGator for providing the initial details in
their report of this vulnerability.
--
Thank you,
FDCservers.net "
i wonder if it's company police to installed a whm/cpanel version that has security holes on a fresh install.
if this would happen to you, what would you do ?
