This is a courtesy warning to any hosts who would need to know this!
I just discovered a very serious security hole allowing anyone to easily modify the files of any web hosting account, at any hosting service provider where Cpanel is the control panel and the "File Manger" feature is enabled!
For obvious reasons, I am not going to publicly post any information or details on the security hole itself but I just wanted to warn all the hosts around here who are currently using Cpanel and have the "File Manager" feature enabled.
To put this discovery to the test, I have successfully hacked and then unhacked more than 50 accounts at many different hosting companies where in each, we made small changes to hosting account files and then removed the changes a few seconds later just as a test.
Any host fitting the above profile may want to consider forcing their hosting members to use FTP to upload files for the time being.
I just discovered a very serious security hole allowing anyone to easily modify the files of any web hosting account, at any hosting service provider where Cpanel is the control panel and the "File Manger" feature is enabled!
For obvious reasons, I am not going to publicly post any information or details on the security hole itself but I just wanted to warn all the hosts around here who are currently using Cpanel and have the "File Manager" feature enabled.
To put this discovery to the test, I have successfully hacked and then unhacked more than 50 accounts at many different hosting companies where in each, we made small changes to hosting account files and then removed the changes a few seconds later just as a test.
Any host fitting the above profile may want to consider forcing their hosting members to use FTP to upload files for the time being.