Spammers exploiting a cPanel vulnerability

Wed, 26th January 2011, 11:30

A number of sites are blogging about spammers exploiting a cPanel vulnerability at Utah-based hosting company Hostmonster, which is owned by Bluehost. The targets of the alleged abuse were high-profile domains belonging to educational, financial and public institutions.

Bluehost co-founder Danny Ashworth told Krebs on Security that an attacker exploited the cPanel vulnerability to create rogue subdomains on dozens of domain names hosted by the company.

The subdomains point to pages used in black hat search engine optimization (BHSEO) campaigns to poison search results. This method involves creating pages filled with keywords for a particular search topic, a technique referred to as keyword stuffing, on domains with a solid PageRank.

The spammer was able to create subdomains between April and July 2010, when Hostmonster addressed the initial security issue, but the rogue subdomains remained online until recently.

“We added and altered some security measures in July for another issue that we found which also fixed the CPanel bug that allowed this exploit to take place, [and] although it did not allow additional records to be created/altered, it did not remove the entries that existed,” Ashworth said.
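The gap Ashworth describes, where the fix blocked new records but left existing ones in place, is the kind of thing a zone audit against the list of hostnames the owner actually requested would surface. The following is an added example, not code from Hostmonster, cPanel or this article; the zone text, the approved list and the function names are constructed for illustration.

```python
# Added example: audit a zone export for subdomain records nobody approved.
# ZONE and APPROVED are constructed sample data (documentation names and IPs).
ZONE = """\
$ORIGIN example.org.
@      3600 IN A     192.0.2.10
www    3600 IN CNAME example.org.
mail   3600 IN A     192.0.2.20
deals  3600 IN A     203.0.113.7   ; never requested by the site owner
loans.example.org. 3600 IN A 203.0.113.7
"""
APPROVED = {"@", "www", "mail"}        # assumed inventory of legitimate labels
WEB_TYPES = {"A", "AAAA", "CNAME"}     # record types that can publish a host


def parse_records(zone_text):
    """Yield (label, rtype, target) for address and alias records.

    Assumes one record per line with an explicit owner name and numeric TTLs.
    """
    origin = ""
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()      # drop comments, tokenise
        if len(fields) < 2:
            continue
        if fields[0].startswith("$"):
            if fields[0].upper() == "$ORIGIN":
                origin = fields[1].rstrip(".").lower()
            continue
        # skip the optional TTL and class to reach the type and its target
        rest = [f for f in fields[1:] if not f.isdigit() and f.upper() != "IN"]
        if len(rest) < 2 or rest[0].upper() not in WEB_TYPES:
            continue
        name = fields[0].lower()
        if name.endswith("."):                     # absolute name -> relative label
            name = name.rstrip(".")
            if name == origin:
                name = "@"
            elif origin and name.endswith("." + origin):
                name = name[: -len(origin) - 1]
        yield name, rest[0].upper(), rest[1]


def find_unapproved(zone_text, approved):
    """Return records whose owner label is missing from the inventory."""
    return [rec for rec in parse_records(zone_text) if rec[0] not in approved]


if __name__ == "__main__":
    for label, rtype, target in find_unapproved(ZONE, APPROVED):
        print(f"unapproved: {label} {rtype} {target}")
```

Run against each hosted domain's zone after a patch, this reports records that predate the fix and would otherwise stay published.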

The blog Unmask Parasites has some great tips in a post that highlights a recent and persistent variation of the Hostmonster attack.

