Critical cPanel Security Issue


Hal
09-23-2006, 11:14 PM
An exploit has been found in the cPanel control panel software. If you have a VPS/Dedicated server with cPanel installed on it, please update it as soon as possible in order to avoid having your server hacked into. Customers who have basic management service with us are being updated as I type this announcement.

You can update cPanel by logging into WHM as the root user and clicking on the "Upgrade to Latest Version" link under the cPanel section on the left.

For more information on this matter, please refer to this topic on cPanel's forums:

http://forums.cpanel.net/showthread.php?t=58090

Feel free to open a ticket at our help desk (https://support.netwisp.com) if you have any questions about this matter.

Thank you!

Hal

Hal
09-24-2006, 07:06 PM
Please be advised that cPanel's original fix didn't actually get applied if you had run /scripts/upcp yesterday. You will need to run it again to get the patch and secure your server from the root exploit.

To check if your server is secure, run the following steps as the root user:

wget http://layer1.cpanel.net/installer/cpanel_exploit_checker_092406.pl
perl cpanel_exploit_checker_092406.pl


If it says you need to patch your server, please run /scripts/upcp again and rerun the check script.

Also, there are some rumors that this patch breaks phpMyAdmin. I will update this topic once more information or a fix comes out for this issue.

Thank you.

Hal