-
HostGator Recovers From cPanel Flaw
Reviewed on September 29th, 2006
A confluence of vulnerabilities – one in the hosting control panel cPanel, and one in Microsoft’s Internet Explorer browser – created a large-scale security breach at several hosting firms last week, and may prompt Microsoft to patch its browser ahead of the scheduled October 10 update.
Last weekend, hackers exploited a flaw in cPanel (cpanel.net), among the most popular Web hosting control panels, to gain access to the networks of seven Web hosts. The attackers took control of hundreds, possibly thousands, of Windows-based machines using Internet Explorer.
Hackers injected iframe exploits into PHP pages located on the Web hosts’ servers, redirecting some visitors to sites off the hosts’ networks. The IE bug is related to the way the browser processes Web-based graphics code written in the Vector Markup Language, enabling hackers to install spyware and malware onto the computers of Internet Explorer users.
Boca Raton, Florida-based HostGator (hostgator.com) was the first Web host to discover the attack, which lasted from late Thursday to Saturday afternoon. However, HostGator founder and president Brent Oxley says the hackers used the cPanel vulnerability to access HostGator servers more than a month ago, keeping a low profile before striking late last week.
According to Eric Sites, vice president of Sunbelt Software (sunbelt-software.com), there are some 20,000 sites that are currently attempting to exploit the vulnerability. The security software developer initially discovered hackers were using the VML flaw on pornographic Web sites.
Dave Koston, an operations manager at cPanel, says the company patched the hole within an hour of it being brought to its attention. An update was then passed along to the majority of servers that use the control panel software.
HostGator says it worked with other parties to develop an additional version of the patch and ensure that the problem was fully resolved.
“Provided your server is secure via all other common methods and properly administrated,” says Oxley, “with this patch applied on a cPanel server, the issue should not present itself at this time.”
Oxley says no matter how stringent a Web hosting company’s security practices, it is extremely difficult to defend against attacks that target a flaw in third-party software.
“There’s really not much you can do since it’s cPanel and it’s out of our control,” says Oxley. “They have the source, which means they’re the only one that can secure it. There are exploits every day; I’m sure there are going to be many other exploits to be discovered.”
After HostGator discovered the cPanel exploit, it contacted a few of its major competitors to see if they were also affected by the flaw. After discovering other cPanel hosting companies had similar experiences, HostGator advised them on how to remedy the problem.
On September 24, Network Redux sent a formal request on behalf of HostGator and five other Web hosts, including BlueHost, Rails Playground, Clear-Data Internet Services, Myriad Network and HostingZoom, asking cPanel to engage security consultants for a full security audit of the cPanel and WHM codebase.
The Web hosts urged cPanel to provide “assurance from a third party entity [that its] codebase provides a secure operating environment” for its users. The request also called for cPanel to provide “fixes to all discovered security issues, and full disclosure be provided to cPanel partners and distributors,” all within an appropriate time period for updates.
Oxley says HostGator alerted the FBI and other law enforcement agencies to the situation, but “have not seen any interest from them.”
And while HostGator has stemmed the spread of what could have become a very serious problem, similar attacks are likely to occur in the future. Oxley says that dealing with such security issues is an inevitable downside of the industry.
“Is this going to be the last exploit that we’re ever going to see? Probably not, but we’ve done everything we can on our side to have a secure setup,” says Oxley. “In the end, no one’s 100 percent secure when it comes to Web servers, and anyone who says they are is lying and has no idea what they’re doing.”
HostGator Reviews and Hostgator News
-
Exploitation of the Internet Explorer VML Flaw Attracts More and More Hackers
Reviewed on September 27th, 2006
Security experts have warned of a sharp rise in the number of hackers actively exploiting a vulnerability in the Vector Markup Language (VML) handled by Internet Explorer, a flaw that Microsoft recently discovered. “More and more sites are using this code, which makes it possible to exploit the flaw,” says Craig Schmugar, an antivirus researcher at McAfee’s Avert Labs.
The components needed to exploit this flaw have been built into a malicious toolkit called “WebAttacker”, which has made the exploit much easier to carry out, Schmugar believes.
“[WebAttacker] is known for allowing novice users to use this toolkit to install their payload,” he explained. In French, the term payload could be translated as “charge utile”. It refers in particular to the malicious activity of a virus. “Tools have been put online that let hackers connect to a URL and build a tool that exploits the flaw to download and execute the file of their choice,” the expert continues.
Last Wednesday, the media reported an unpatched vulnerability in Internet Explorer’s handling of VML that allows hackers to take control of a system. The vulnerability was first exploited on a group of adult sites hosted in Russia.
A phishing scam based on the VML exploit also emerged last weekend, aiming to steal login credentials for financial sites. This was disclosed to Vnunet.com by Roger Thompson, CTO of Exploit Prevention Labs.
The group sends out spam every week telling recipients that they have received a digital card on the Yahoo Greetings service. When users go to the Yahoo site, they are first routed automatically through a server hosting the exploit. That server infects users’ systems with a Trojan horse. The Trojan is designed to collect all information entered into online forms, which lets the hackers gather login details for banking sites or online payment services such as PayPal.
The hackers have been active for about four to five months. Before exploiting the VML vulnerability, they first used a critical security flaw in the Microsoft Data Access Components of Windows, which was fixed last April.
Even while exploiting the patched vulnerability, the hackers managed to collect 200 MB of data each week, Thompson estimates. He expects the number of victims to rise because the group is using the VML flaw, which has still not been patched.
In another attack, cybercriminals managed to hijack user accounts hosted at HostGator by exploiting a vulnerability in the cPanel hosting software that the provider was unable to fix. The hackers broke into the websites hosted on that server in order to display a small “iFrame” tag that automatically directed users to a site hosting the exploit.
“It is interesting to note that the cPanel exploit only works if you are a member of the hosting service,” comments Eric Sites, vice president of R&D at Sunbelt Software. This security software vendor was the first to discover the potential exploit via the hosting service.
Microsoft plans to fix the VML vulnerability on October 10, as part of its regular patch cycle. Last Friday, a group of independent researchers released an unofficial VML patch.
But the increasingly widespread use of this vulnerability could force Microsoft to bring forward the release of its patch. Security software vendors are in fact unable to create detection signatures for all the malicious programs exploiting this vulnerability.
-
Cracked Web Hosts Spread VML Exploit
Reviewed on September 27th, 2006
By exploiting a vulnerability in cPanel, a well-known web-based graphical tool for managing websites, crackers managed to compromise the servers of HostGator, a US company that hosts about 600,000 domains.
The attackers took advantage of the flaw to access about 200 websites and install on them, without the owners’ knowledge, an iframe script capable of exploiting the recent Internet Explorer VML vulnerability to install various kinds of malware on visitors’ PCs.
HostGator’s owner, Brent Oxley, explained that the attack involved at least three other US web hosting companies: this means the crackers could have gained access to several hundred, if not thousands, of websites. From there to having infected a very large number of users is a short step.
According to Roger Thompson, CTO of security firm Exploit Prevention Labs, the most serious consequence of the attack was the spread of spyware and Trojan horses through the IE zero-day vulnerability: the fact that no official patch exists yet would put a potentially large number of Windows users at risk.
The cPanel bug, by contrast, was fixed in recent weeks, but apparently the attackers took control of HostGator before the problem was resolved. According to experts, it therefore cannot be ruled out that other web hosting sites out there are still under the control of attackers.
The rapid spread of websites that rely on the IE hole to propagate malware of every kind, often for profit, is putting Microsoft under increasing pressure. A developer at the company said that “at Microsoft we are working around the clock on the patch,” which is currently in testing. At this point it seems all but certain that Microsoft will release the update before the publication of its monthly security bulletins, scheduled for October 10. In the meantime, IE users can protect themselves by adopting the security measures described in Microsoft’s advisory or by installing this unofficial patch.
-
Web Hosts Hit by Hackers
Reviewed on September 27th, 2006
Hackers recently exploited a flaw in the cPanel (cpanel.net) hosting control panel to gain access to four Web hosts including HostGator (hostgator.com), and take control of Windows-based machines using Internet Explorer, in an attack that lasted from late Thursday to Saturday afternoon. The hackers placed an iframe script in Web sites that directed some visitors to malicious addresses that would infect them.
The VML hole and other similar zero-day vulnerabilities enable criminals to install spyware and other malware onto machines. The criminals behind the cPanel attack deployed this tactic, using a previously unknown vulnerability in cPanel to gain access to hundreds or thousands of servers that supply Web pages.
Dave Koston, an operations manager at cPanel, says the company patched the hole within an hour of it being brought to its attention. An update has since been passed along to the majority of servers that use cPanel. Koston also adds that the attackers would have needed a working account with each Web host in order to exploit the vulnerability.
HostGator owner Brent Oxley says some 200 HostGator servers were accessed, but he was unable to estimate how many of the sites were affected. He says the hackers used the cPanel vulnerability to access HostGator servers more than a month ago, and then kept a low profile before striking last week.
The iframe script redirected visitors using Internet Explorer, the only browser vulnerable to the VML flaw, while visitors using other browsers went unaffected. An estimated 20,000 sites are attempting to exploit the vulnerability, says Eric Sites, vice president of Sunbelt Software (sunbelt-software.com), the company that first discovered the flaw.
-
Hackers Spread Windows Exploit via Web Host Application
Reviewed on September 26th, 2006
According to Brent Oxley, owner of the US hosting company HostGator, his servers and those of three other hosting companies were attacked by a group of hackers from Friday morning until Saturday night (Dutch time).
They broke in through a flaw in cPanel, an application hosting companies use to manage their domains, that was unknown until this weekend. They then left an iframe script on various websites, through which visitors were infected via the still-unpatched VML flaw in Windows.
VML flaw
The VML flaw in Windows, which was discovered earlier this month, lets hackers execute manipulated code via the vector graphics rendering library. All versions of Windows are vulnerable.
A first exploit appeared in mid-September for Internet Explorer, but since Thursday an exploit that affects users of Outlook 2003 has also been in circulation. Experts fear a series of new, large-scale attacks.
The pressure on Microsoft to release a patch before the next patch day (Tuesday, October 10) is, logically, growing steadily.
Security experts from the Zeroday Emergency Response Team (ZERT) did not want to wait any longer and released a patch this weekend.
cPanel flaw
Dave Koston, operations director at cPanel, says the flaw in cPanel was closed some time ago. Servers running cPanel are said to have received an update by now.
According to Koston, the hackers must have had an account with the hosting companies in order to break in via cPanel. Which hosting companies besides HostGator were also affected is not known.
-
Pressure Mounts on Microsoft to Patch IE Flaw
Reviewed on September 26th, 2006
Hackers are intensifying their attacks on Internet Explorer users, increasing the chances that Microsoft will patch a critical flaw in the software ahead of its regularly scheduled October 10 security update.
On Sunday, hackers released sample code showing how to exploit the IE flaw on a fully patched version of Windows XP, a move that security experts believe will step up the attacks. Criminals have been taking advantage of a previously unknown vulnerability in cPanel software, widely used by Web hosting providers, to install the IE malware on Web servers.
How It Works
The Microsoft bug has to do with the way IE processes Web-based graphics code written in the Vector Markup Language (VML). It was first reported Monday September 18 by researchers at Sunbelt Software, who found that attackers were exploiting this vulnerability on a number of pornographic Web sites.
Late last week, attackers started spreading their attack code by taking advantage of a second flaw in cPanel’s Web hosting administration software. This product is used by Web hosting providers to give their customers an easy way to administer their Web sites.
Hackers were able to exploit this problem to gain access to servers at hosting provider HostGator.com and began adding malicious VML exploit code to the Web pages of HostGator’s clients, starting late Thursday.
A Coordinated Attack
In fact, the attackers had used the cPanel flaw to gain control of HostGator’s servers weeks before the VML vulnerability was disclosed, according to Brent Oxley, CEO of HostGator.com, based in Boca Raton, Florida.
“They took control of as many servers as they could and they were building an army,” Oxley said. “They waited idly for a month and when the Microsoft exploit came out that’s when they launched the attack.”
HostGator servers are used to host about 500,000 Web sites, but not all were compromised. Oxley estimated that “thousands” were, however, and said that a number of other hosting providers have also fallen victim to the cPanel attack.
The cPanel flaw has now been patched and HostGator.com customers are no longer serving up the VML exploits, but security experts wonder how widespread the cPanel compromise has been.
“It’s a little worrisome that these hackers appeared to be targeting that piece of software,” said Rich Miller, an analyst with Netcraft. “It’s very common among large hosting companies.”
-
Hostgator Review by wmmead – The best I have found, but not perfect
Reviewed on September 26th, 2006
I have been hosting sites with various companies for the last 10 years or more. I came to hostgator just about a year ago because of the great deals on an excellent shared hosting package with great features.
I have been largely happy with them. I have designed web sites for several other people/companies and have gotten several of them to sign up for space here.
The only complaint I do have is if you do have some sort of problem or issue, it is not always easy to get it fixed. I think their support staff are stretched thin. The live chats are slow and a lot of time is wasted waiting for a reply. I suspect the tech is chatting with other clients at the same time. Submitting a ticket is better, but a lot of times direct questions are not directly answered. Or tickets with more than one question will end up with most of the questions ignored.
I realize that providing this service at its current price point means that something has to take a hit. It is not fair to expect top notch service for $10/month. However, I would like to see steps taken to make support better. Perhaps there could be a way to add paid support for stuff that is beyond the basics. I think there are a lot of ideas like this that could be explored.




