29.04.2013 - Thousands of web servers hacked through a serious security hole in cPanel
Cdorked.A is a backdoor for Apache servers that gets onto the system through a vulnerability in the hosting control panel cPanel. After the attack, the attacker can use the server for any purpose without restriction. Commands are transmitted via obfuscated HTTP requests.
Backdoor very difficult to detect
The malware consists only of a modified httpd binary and uses only 6 MB of RAM. But that's not all: the malware doesn't leave any traces in the log files, which makes tracking very difficult. The modified file also has the immutable bit set, which makes it difficult to modify. The administrator must first clear the attribute on the file with chattr before he can replace it with a clean version.
Analysis from the outside is difficult, because the compromised server changes its behavior only once per day and per IP address. A user who visits the site for the first time on a given day is redirected to another page. Further requests and administrative requests are not redirected, so it takes days to weeks until the behavior is noticed. The page the visitor is redirected to contains additional malware (worms, trojans, viruses), which is installed automatically on the visitor's PC. In most cases a virus scanner does not offer sufficient protection.
We recommend that all Apache administrators who use cPanel to administer their servers check whether their server is already infected by this highly advanced malware and, if necessary, take appropriate steps to clean up the system.
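As an added example (not part of the original article), the following shell check looks for the immutable attribute on Apache binaries, the trait described above. The binary paths shown in the usage comment are assumptions, and the sample `lsattr` lines used to exercise the parser are constructed.

```shell
#!/bin/sh
# Added example: flag httpd binaries that carry the immutable attribute.

# Return 0 if one line of `lsattr` output has the immutable ('i') attribute.
# lsattr prints "<attribute flags> <path>", e.g. "----i---------e--- /usr/sbin/httpd".
has_immutable_flag() {
    flags=${1%% *}                      # first field only, so an 'i' in the path is ignored
    case "$flags" in
        *i*) return 0 ;;                # lowercase 'i' = immutable ('I' is a different attribute)
        *)   return 1 ;;
    esac
}

# Read lsattr output on stdin and print the path of every immutable file.
immutable_paths() {
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        if has_immutable_flag "$line"; then
            printf '%s\n' "${line#* }"  # everything after the flags field
        fi
    done
}

# Check the given binaries on the live system; returns 1 if any is immutable.
check_binaries() {
    rc=0
    for bin in "$@"; do
        [ -e "$bin" ] || { echo "skip: $bin not found"; continue; }
        out=$(lsattr -d -- "$bin" 2>/dev/null) || { echo "warn: lsattr failed for $bin"; continue; }
        if [ -n "$(printf '%s\n' "$out" | immutable_paths)" ]; then
            echo "ALERT: $bin is immutable; clear it with 'chattr -i' before replacing the file with a clean copy"
            rc=1
        else
            echo "ok: $bin is not immutable"
        fi
    done
    return $rc
}

# Usage (paths are assumptions, adjust to your installation):
#   sh check_httpd.sh /usr/sbin/httpd /usr/local/apache/bin/httpd
if [ "$#" -gt 0 ]; then
    check_binaries "$@"
fi
```

A binary without the immutable attribute is not proof of a clean system; compare the file against a known-good copy as well.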