alt Hacker NewsCPanel's Black Week: 3 New Vulnerabilities Patched After Attack on 44k Servers
Comments
CPanel and hosters who use them are in big trouble now; there are millions of servers running them, many of them for decades. Their clients can run code as an user without much sandboxing/guardrails at all.
Not all webhosting companies are using cpanel. Cpanel increased their prices exponentially in the last few years.
So CPanel's security is just as bad as their UI, who would have thought?
Wow, similar sentiments about this being a throw back. I’d rather roll my own almost everything these days, may not be as good, but certainly won’t be targeted exploited broadly.
44,000 servers compromised? Sounds like somebody could've used a software building code
Friendly reminder that there aren't that many ways for a normie to create their own (sub)domain with TLS and an email in under five minutes. That's cPanel for ya.
Most LAMP FOSS web apps have a long history of being hacked.
Is there any specific LAMP web app(s) that has a very good history of not being hacked?
I can't think of any readily but I imagine someone here knows one or two.
"AI safeguards" are not working I guess.. or maybe they're only working against those who'd like to secure their software.. good job Anthropic + OpenAI!
> CPanel
Now there's a name I haven't heard since the 2005 or so era.
How is that thing still around?
Next you're going to tell me people still run phpBB and vBulletin somewhere. And use FileZilla FTP. And manage their database with phpMyAdmin.
Ages ago I used php-nuke to manage my forum and it got hacked and I thought it would get taken seriously
Seeing these CPanel hacks remind me how old these codebases are and how much more vulnerability remain