Critical Vulnerability in cPanel/WHM [Action required]
AnthonySmith
Administrator | Hosting Provider | OG | Senpai
Seems like a wild authentication bypass is in the wild as they are literally suggesting blocking access to 2083/2087, which is both customers and admin.
This is what happens when you get passed around venture capitalists that just want to use your money maker.
Edit: I am going to go as far as to suggest that anyone hosting a website on cPanel that has data they don't want made public remove their sites for now.
Comments
Oof.
So glad I stopped using cPanel the moment I found a host with a homebrew panel that didn't suck. Been just /etc/apache2 (and /etc/nginx) for the last decade and change. Should have been longer, but I was lazy.
"It's a hard life- to be a stick insect." - Karl Pilkington
Patches released: https://support.cpanel.net/hc/en-us/articles/40073787579671-Critical-Vulnerability-with-cPanel-WHM-Login-Authentication
🌐 Ethernet Servers Ltd – 10+ Years Online
Shared, VPS, Dedicated Servers & Domains – www.ethernetservers.com
Ruthless
While I have very little sympathy for people running years out of date software and making predictable problems actual problems, and then suddenly everything is urgent.... WHM's solution, if you are out of date, block customers from everything, problem solved.
TierHive - Hourly VPS - NAT Native - /24 per customer - DE, UK, SG, CA, USA x3, FR, AU, PL, NL
FREE tokens on sign up, try before you buy. | Join us on Reddit
Thank you for the notice.
BTW, does anyone know where to get a cheaper license? I can't stop using cPanel on this particular server.
nope... and why not?
ExtraVM - KVM NVMe VPS in USA, EU, APAC -|- RackColo - Find Colo
As did I, but model + scale got to me. Thank god for kernelcare: https://tuxcare.com/endless-lifecycle-support/operating-systems-eol-support/
Got 'em all patched up today though, and took everything down as directed within an hour. And now I have my AI checking for critical cPanel alerts every 6 hours. We're hitting crunch time in the industry. Whether or not Claude Mythos is everything it's cracked up to be, it has everyone on the edge of their seats trying to beat the AI and get ready for impending doom. The one thing none of us should be feeling is a sense of safety, it seems.
Do everything as though everyone you’ll ever know is watching.
Because the developer working with the customer is a donkey and he only knows how to use cPanel.
They put out a script on their article to check if you’ve been compromised. Heads up, it seems to identify every failed attempt as a possible compromise, even after patching. And the attempts are plentiful today.
Exploit is in the wild then?
Seems to be. I’m getting hit by attempts from so many places it must be super easy.
Whoever failed to patch their cPanel is going to wake up tomorrow to being rooted. Here's a list of IPs currently looking for cPanel boxes to root: https://mxbin.io/ierGkh
There are some missing IPs from that list! I got at least 3x compromised & ransomware'd servers (I didn't check the 15 others) that couldn't be patched in time (automatically). And now there is this bug on top of it: https://support.cpanel.net/hc/en-us/articles/34715460107159-Backup-restore-stalls-when-running-AutoDomains-script 💩 Ah, I can see that the CURRENT version of cPanel (not the STABLE release tier) should be picked...
I also have an army of bots brute forcing many servers, as if they all woke up from the deep of the seas...
💩 VirCrap 💩
If anyone is interested in why and how: https://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940/
Haven't bought a single service in VirMach Great Ryzen 2022 - 2023 Flash Sale.
https://lowendspirit.com/uploads/editor/gi/ippw0lcmqowk.png
Soo, anyone looking for non-cPanel web hosting
????
I had a cPanel box that I had set aside for migration, but never got around to it. Ended up forgetting about it. So it was online with cPanel installed, no data (so nothing of value to compromise), and it got hit. That means I get a first hand look at what they do to these boxes.
Safe to say if you get hit, you're just fucked. You're not just getting away with a backgrounded coin miner. Though it was pushing 200mbit in traffic, from something running in memory (I have no copy of what they were running).
HN discussion:
https://news.ycombinator.com/item?id=47969288
https://news.ycombinator.com/item?id=47967974
I also faced the situation where at least three servers were hacked and the files and databases were emptied.
Then they demanded Bitcoin.
I don't believe he will keep my data.