cPanel Secures System Following Breach Detection

(Ping! Zine Web Tech Magazine) – Popular control panel provider cPanel on Wednesday released a statement via its forums saying it had detected a compromise of its system that occurred last Thursday.

Affected in the incident was a proxy server used by a limited number of cPanel technical analysts to access customer servers for support purposes. The breach itself was carried out by what the company described as “a malicious third-party.”

Following the incident, cPanel emphasized stability, saying it had worked to stabilize the problem and noting that no customer data was found to be compromised.

Meanwhile, the company has kept Server Administrators constantly updated on the breach and has implemented new security enhancements. cPanel’s entire statement from the cPanel Forums is included below:

As mentioned in our email sent to cPanel Server Administrators who’ve opened a ticket with us in the past 6 months, on February 21 we discovered that one of the proxy servers we utilize in the technical support department had been compromised. The cPanel Security Team’s investigation into this matter is ongoing.

We’d like to relay additional details about the intrusion that we have gathered with you here, and we want to explain what preventative measures we’re putting in place that will introduce additional layers of security to our new and existing systems, already in place.

Here’s what we know:

The proxy machine compromised in this incident was, at the time, utilized to access customer servers by some of our Technical Analysts. Its intent was to provide a layer of security between local & remote workstations and customer servers.

This proxy machine was compromised by a malicious third-party by compromising a single workstation used by one of our Technical Analysts.

Only a small group of our Technical Analysts uses this particular machine for logins.

There is no evidence that any sensitive customer data was exposed and there is no evidence that the actual database was compromised.

Documentation on how to Determine Your System’s Status is available and we encourage System Administrators to use those details to determine the status of their servers.

Here’s what we’re doing about it:

We have restructured the process used to access customer servers to significantly reduce the risk of this type of sophisticated attack in the future. We have also been working on implementing multiple changes to our internal support systems and procedures as outlined for your information below.

Our system will now generate and provide you with a unique SSH key for each new support ticket submitted.

We are providing tools to authorize and de-authorize SSH keys and instructions on how to use them whenever you submit a ticket.

Our system will generate a single-use username and password credentials for accessing WebHost Manager that are only valid while our staff is logged into your server.

Additional enhancements are also planned behind the scenes that should be transparent to our customers.

With these new layers of security in place, it is now possible for our Technical Analysts to service your support requests without you providing your server’s password for nearly all requests involving machines running our cPanel & WHM product going forward. However, we will still offer the ability to provide your password for server migrations, or in the event you cannot use SSH keys.

cPanel’s Internal Development Team has been working on an automated solution with the end goal of eliminating the need for our Technical Analysts to view any passwords you provide during the ticket submission process. We are testing this solution right now, and hope to have it fully implemented in the next few days.

cPanel, Inc. understands your concerns expressed over the last few days, and we very much appreciate the cooperation and patience you have provided us during this time as we work through all of this.

Thank you.

cPanel is one of the industry’s leading platforms for both web hosts and website administrators, allowing them to manage their web presences with tools to coordinate files, create databases, set up email accounts and perform a multitude of other tasks.

Ping! Zine Web Tech Magazine will be following up on this story with an exclusive interview with the official cPanel spokesperson, addressing the updates on the security issue as well as the company’s involvement at the week’s Internet Advocacy Day on Capitol Hill, where, among other topics, cPanel is helping to raise awareness about the importance of cyber security legislation.