Author Topic: Yanz Webshell! - PRIV8 WEB SHELL ORB YANZ BYPASS! V3.0  (Read 45 times)

0 Members and 2 Guests are viewing this topic.

Offline
*
Hello, I think my server has been compromised by a backdoor.
Yanz Webshell! - PRIV8 WEB SHELL ORB YANZ BYPASS! V3.0

The file READ-THIS-TO-RECOVER-YOUR-FILE.TXT
along with many other files—how do I fix these backdoors?

Online
*

Online
***
Re: Yanz Webshell! - PRIV8 WEB SHELL ORB YANZ BYPASS! V3.0
« Reply #2 on: Today at 05:25:53 PM »
Well, sorry to say that you are the first known victim: https://forum.centos-webpanel.com/centos-webpanel-bugs/cwp-new-security-issue-and-no-communication

Don't mislead users. The links you provided point to pages describing vulnerabilities that affect Control Web Panel versions earlier than 0.9.8.1225.

The current CWP version is 0.9.8.1243.

So what's your point?

If you choose not to keep your system up to date, that's your responsibility. Also, just because a server was compromised doesn't mean it was hacked through a vulnerability in the control panel. The actual cause could just as easily be Joomla, WordPress, or some other software installed by the user. Don't you think that's a more reasonable assumption?

You're making a lot of noise.

Online
*
Re: Yanz Webshell! - PRIV8 WEB SHELL ORB YANZ BYPASS! V3.0
« Reply #3 on: Today at 05:29:57 PM »
@cyberspace

Please, don't try to deflect the issue - and even worst, try to deflect that issue to the users.

The vulnerability, before being patched, was active and was capable of being exploited... In true, that doesn't mean that THIS particular issue in this topic WAS because of this, but is just too much coincidence.
Lets just remember that there WAS another critical security issue in CWP, that WAS exploited, with multiple servers hacked... and we still don't have ANY info from the dev team about what happend... not even "sorry".

Even if is currently patched, that doesn't mean that some servers didn't get exploited BEFORE the patch was issued...
« Last Edit: Today at 05:39:12 PM by djprmf »

Online
***
Re: Yanz Webshell! - PRIV8 WEB SHELL ORB YANZ BYPASS! V3.0
« Reply #4 on: Today at 05:39:12 PM »
Any software has vulnerabilities. Some of them live more than 10 years: glibc: GHOST, Shellshock... etc.

That is why it is critically important to update all software but it doesn't make your system 100% safe.

Online
*
Re: Yanz Webshell! - PRIV8 WEB SHELL ORB YANZ BYPASS! V3.0
« Reply #5 on: Today at 05:42:23 PM »
Yes, every software can and will have vulnerabilities...

... but most of them notify the users about it and NOT silently patch the issue.
ALL the software that you stated, every single one of them... there WAS a statement from the developers about the issue.

Do you have ANY security fix statement from CWP dev team? to ANY vulnerability?
« Last Edit: Today at 05:44:27 PM by djprmf »

Online
***
Re: Yanz Webshell! - PRIV8 WEB SHELL ORB YANZ BYPASS! V3.0
« Reply #6 on: Today at 06:09:46 PM »
There were statements because openssl and glibc are life critical libs. They are used by bank systems, government, etc.

cPanel doesn't make statements about every vulnerabilities.

cPanel made statements about the vulnerabilities discovered in May because there were more  than 40k hacked cPanel servers.

Online
*

Online
***
Re: Yanz Webshell! - PRIV8 WEB SHELL ORB YANZ BYPASS! V3.0
« Reply #8 on: Today at 06:50:51 PM »
If you like cPanel and the price $40+ /month is acceptable for you then use cPanel and stop spamming this forum.