Via cPanel Blog -
cPanel announced today that it’s security team has identified several key components of a hack known as the Random JavaScript Toolkit. The systems affected by this hack appear to be Linux® based and are running a number of different hosting platforms. While this compromise is not believed to be specific to systems running cPanel® software, cPanel has worked with a number of hosting providers and server owners to investigate this compromise.
The cPanel Security Team has recognized that the vast majority of affected systems are initially accessed using SSH with no indications of brute force or exploitation of the underlying service. Despite non-trivial passwords, intermediary users and nonstandard ports, the attacker is able to gain access to the affected servers with no password failures. The cPanel security team also recognized that a majority of the affected servers come from a single undisclosed data-center. All affected systems have passwordbased authentication enabled.
Based upon these findings, the cPanel security team believes that the attacker has gained access to a database of root login credentials for a large group of Linux servers. Once an attacker manually gains access to a system they can then perform various tasks. The hacker can download, compile, and execute a log cleaning script in order to hide their tracks. They also can download a customized root-kit based off of Boxer version 0.99 beta 3. Finally, the attacker searches for files containing credit card related phrases such as cvc, cvv, and authorize.
No comments:
Post a Comment