covering the week's top tech stories
with a slight linux bias a clever
phishing scam is targeting cpanel users
with a fake security advisory
alerting them of critical
vulnerabilities in their web hosting
management panel
cpanel is administrative software
commonly installed on
shared web hosting services that allow
website owners to easily administer
their site through a graphical user
interface
starting last week cpanel and web host
manager whm
users began reporting a targeted
phishing email campaign
with an email subject of cpanel urgent
update request
that was pretending to be a security
advisory from the company
this fake advisory stated that updates
had been released to fix security
concerns in cpanel
and whm software and recommends all
users install the updates
in addition to a well-worded email with
little or no grammar and spelling issues
the threat actors use language commonly
found in security advisories
the attackers registered the domain
cpanel 7831.com
to make the scam appear as a as an
authentic advisory from cpanel
and are using amazon's simple email
service ses to send out the emails
if a recipient of this phishing email
falls for the scam and clicks on the
update your cpanel and whm
installations they were brought to a
website that prompted a user to log in
with their cpanel credentials
as this is a well done and convincing
scam it would not be surprising if some
users fell for the scam
if you received a similar email recently
and entered your login credentials at
this site
it is strongly suggested that you
immediately log in to your web hosting
provider
and change the password on your account
you should then perform a complete audit
of your site while paying extra
attention to the addition of strange php
files
that can be used as backdoors also be
sure to examine the website's
dot h t access file for changes that
automatically inject malicious code
into every web page or redirect visitors
that's an interesting story because for
a lot of people who don't have
a lot of background knowledge in web
development
to be able to go to a diy web hosting
service where you can build your own
website with your own cpanel it seems
like such an easy thing but
most people wouldn't have that tech
knowledge to recognize a phishing scam
when it came to the cpanel
sure and i mean some of the stuff that
they get access to if you give them
login credentials can really cause
problems
yeah like if they have linux access yeah
but yeah certainly i mean any like
cheap hosting solution is going to have
some kind of a
a portal whether it's cpanel or
otherwise but you think about cpanel and
and as you say a novice user
signing up for the five dollar hosting
account not
really up on the latest security trends
yeah could be dangerous same thing we
see with wordpress
you get a wordpress site because you
think it's easy to set up and administer
yourself but
you don't realize necessarily i am
generalizing but
maybe you don't realize that that leads
to
major security implications if you are
not
on the up and up it's true super careful
so
for somebody who's sitting there going
uh
i do my own website i just happen to
update myself your
cpanel i just gave my login to these
hackers
like what i i know that you know becca
covered in the story you know
checking some certain things but what
are some i think
well she hit on the the first thing i
would do is check for any
recently modified files and on a linux
server it's really easy because you can
do a find
dash m time and and sort by the time
uh that the file was last modified okay
and so
you can see any file that was modified
in the last
10 days and if you don't you know if you
uploaded your site
six months ago you know that hey those
files are suspect so you can look at
them yeah
yeah because it's not like a virus it's
not like you run a virus scan and
and find the malware no it's like
perfectly legit tools that they're using
to allow them to con
command and control your website yeah or
even going so far
using the wordpress example of creating
users
cpanel same thing maybe they create
users maybe they add
uh an smtp account so they can use your
mail server for
sending spam that's right that's a big
one yeah so if somebody doesn't have the
tech knowledge to go in take a look at
their account
what's another way that they could deal
with that
go through the hosting provider and say
hey can you check my account
jeff if you if you really have that low
of a knowledge when it comes to that
kind of thing
you shouldn't you shouldn't be doing
yourself hosting right
realistically for sure if you're not
familiar with terms like
ftp sftp and what the difference between
those two things
is ssh ssl smtp
pop3 imap if you don't know what any one
of those terms are
mysql mariadb if you don't know what any
of those words mean
then self-hosting is not for you that's
right
um again i'm b in general but
that's those are red flags for me and
and
you don't want to find yourself in a
situation where yes i'm
saving money on hosting but i
part of that is that you are
relinquishing
the desire to pay someone to
maintain that's right and putting that
all on you
so it works great if you're
knowledgeable and you're getting the
five dollar a month hosting account or
whatever
right as an example because you're able
to do that maintenance yourself but this
is where
church websites become illicit websites
yes and other business websites become
defaced
and data theft occurs and
some companies are you know irreparably
have their reputation damaged yes
because of these things
um well and also if you have a website
where you're doing any monetary payments
you know if you're if you're receiving
customer payments like that's even
that's a whole other can of worms you're
getting into there jeff well yeah but
you've got to be careful for that kind
of stuff so
please please please number one change
your password just like becca said
number two start going through the files
on your server to make sure something
hasn't changed
if you haven't logged into your cpanel
for a security update
chances are you're probably not hit by
this but if you did
you need to start doing some checking so
good advice
you