It was recently discovered that cPanel can be hacked via what is called a cross-site request forgery (CSRF) attack.
More or less, what it means is that if you go to an infected website while logged into your cPanel server, it will allow the attacker to run any code they wish on the server and even change the root password. Nasty stuff, right?
cPanel has been notified of this; however, the response they gave was very, very poor.
“The response I got from cPanel was we can’t fix this because it’s a feature. Apparently, they’re worried it’s going to break integration with third party billing software, so they can’t fix this.”
Now I am not a dumb ass [most of the time], so I know that if the service can be exploited, you fix it. If you need a way to interface the control panel with the billing software, find another way to allow it to function. Surely it can be done.
It's times like this I am glad that I do not use cPanel for my own servers; however, if you do run cPanel, make sure you don't go to any strange sites while logged into your account. Perhaps set up a VM and only use it to access cPanel? Who knows 😛
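To illustrate the point that billing integration and a CSRF fix can coexist, here is an added sketch (not cPanel's code and not from the original article) of a request check that demands a per-session token from browser logins while third-party software authenticates with its own API key. All names and values (`authorize`, `API_KEYS`, the session ID, the request fields) are hypothetical.

```python
import hashlib
import hmac
import secrets

# Every name and value here is hypothetical and constructed for the example.
SERVER_KEY = secrets.token_bytes(32)                   # secret kept on the server
SESSIONS = {"sess-1f3a"}                               # active browser logins
API_KEYS = {"billing-system": secrets.token_hex(32)}   # issued to the integration


def csrf_token_for(session_id: str) -> str:
    """Per-session token the panel embeds in its own forms."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def _same(a: str, b: str) -> bool:
    return hmac.compare_digest(a.encode(), b.encode())  # constant-time compare


def authorize(request: dict) -> bool:
    """Return True if a state-changing request may run."""
    client = request.get("api_client")
    if client is not None:
        # Integration path: explicit key sent by the billing software. A browser
        # never adds this on its own, so another site cannot make it appear.
        expected = API_KEYS.get(client)
        return expected is not None and _same(expected, request.get("api_key") or "")
    # Browser path: the cookie is attached automatically, even to requests
    # triggered by another site, so it is not sufficient by itself.
    session = request.get("session_cookie")
    if session not in SESSIONS:
        return False
    return _same(csrf_token_for(session), request.get("csrf_token") or "")


def demo() -> dict:
    sid = "sess-1f3a"
    key = API_KEYS["billing-system"]
    return {
        "cross_site_no_token": authorize({"session_cookie": sid}),
        "panel_form": authorize({"session_cookie": sid, "csrf_token": csrf_token_for(sid)}),
        "billing_ok": authorize({"api_client": "billing-system", "api_key": key}),
        "billing_bad_key": authorize({"api_client": "billing-system", "api_key": "wrong"}),
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(name, allowed)
```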
[Source: The Register]