Last week cPanel issued a security alert about a severe vulnerability in servers that run their popular site management software. The vulnerability allowed authentication to be bypassed Patches were released quickly but in the meantime, the advice was to secure access to cPanel either by closing the cPanel service ports 2083, 2087, 2095, and 2096 in the firewall, and disabling the proxy subdomains (cpanel, webmail, webdisk etc).

There were exploits in the wild fairly quickly and some servers fell to a ransomware attack that encrypted all text files and jpg files with the extension ‘.sorry’ and a README.md that gave a contact via an obscure messaging system.

There are several takeaways from an incident such as this:

• Act quickly
• Make sure you have good backups
• Have responsive support

Moortech has been working with cPanel for nearly 20 years and can resolve most problems quickly and easily. Contact us to discuss cPanel support.