cPanel TSR-2023-0057 Announcement

Nick, current CEO of cPanel here to announce some important security information in regards to ALL cPanel installations ranging from version 1 to 107. We’ve realised our codebase has a number of bugs that allow hackers to easily hack into any system running cPanel, no matter the distrobution.

Hackers have been able to gain access to a test instance of cPanel using a vulnerability found by our security analyzers earlier this week, and, as a result, we’ve figured out the root cause. However, we don’t plan on patching this because otherwise we’d need to update our licence pricing to be even more (just due to the convenience).

Hackers have been able to utilize remote servers, by turning them into weapons in order to interact with the cPanel API through using the command rm -rf /*, which connects to the remote cPanel servers and sends the login details back to the server that requested it by using the API provided by cPanel itself.

This bug is can cause devestating effects to cPanel systems and as a result to overcome this, we advise you do the following:

• Close port 443 and port 80 as this is where attackers are usually able to access the installation
• Disable VNC access, hackers can use this to view your cPanel instance’s screen
• Finally, close port 2087 and 2083, alongside your FTP port and SSH port to avoid hackers stealing data from your server.
• After this, ensure you do not have any remote access software running on your machine as this can cause the hackers to hijack the server even faster – disable these and log out of SSH.

After following these steps in order, if you find you are unable to login to your server or cPanel anymore, you’re good to go and the bugfix has worked. Please wait around 9 months for us to send out a proper patch for this error in our judgement.

Hope this helps you, we’re also happy to provide support on the matter which you can receive if you contact our helpdesks.

Cheers,
Nick Koston
Founder of cPanel, Inc.