Security warning to all hosting providers

[HD-John]

Taken from another forum:

I just discovered a very serious security hole allowing anyone to easily modify the files of any web hosting account, at any hosting service provider where Cpanel is the control panel and the "File Manger" feature is enabled!

For obvious reasons, I am not going to publicly post any information or details on the security hole itself but I just wanted to warn all the hosts around here who are currently using Cpanel and have the "File Manager" feature enabled.

cPanel will most likely issue a fix for it soon. What we can do for now is remove all the vulnerable files and disable access to the vulnerable feature.

I have created the following script for doing this: (I didnt make this script, all copyright is held by the owner)

http://www.lifelesspeople.com/script.sh

Note: You must edit it before the script will do anything. Take note of the license and comments in the script. Use at your own risk.

(HD has corrected this issue on our cpanel servers)

[cricketer]

Thanks for the information. I will pass it on to my hosting provider.

[webster13045]

thanks for this info i will foward it on