Hack attempt: Page 2 - Enhance Control Panel

Hack attempt

JohnB

xyzulu Well said.

Its not the fault of the panel and no security product can truly make an insecure heap of shitcode safe.

Unfortunately a lot of people have sites/dashboards made by a cheap developer on fiverr or upwork for $200. Of course there is NO followup or maintence included. Its essentially tinder for software development but the disease pops up years later. They truly don't know any better. They think its just code and if it was fine 5 years ago why isn't it fine now?

Educate them and offer services to update or migrate to a current framework/plugin. Or they can kick rocks.

If for some reason you need to find a way to host them as is, host them on a seperate VPS just for them on a provider you don't care about. If their site launches attacks and the provider bans you, not a big deal that way.

wav3front

xyzulu but I said it myself, the issue started with this very old PHP app.

I have no idea how you came to the conclusion that password auth is enabled. I have it disabled in my whole cluster.

xyzulu yet you open tickets with Enhance support about finding ways to continue to host insecure scripts

I'm sorry but I really do not like your sayings here. It's not even your business what I do, is it?
FYI, I did not ask Adam how to host an insecure script, that is 100% your conclusion. I asked him several questions about how to get information about the hack, because this information is not available in the documentation.
For example, running "who" as root will not display information about containerised ssh connections. In addition, the http logs of Enhance did not allow me to investigate what php file run in the hack, and Adam confirmed that they are working on an update regarding logs.

xyzulu you end up complaining about Enhance

where did I complain?
Frankly, I only care about making Enhance better. I love it, but when I find opportunity to make it better, I will suggest a feature.

xyzulu instead of watching inexperienced and opinionated users end up making the tool (Ubuntu/Enhance) look bad because they don't know how to use it properly.

Once more, I do not like your sayings sir.

Kosta

wav3front no one likes what he says!

wav3front

xyzulu how cPFence helped you locate this vulnerability,

But they did. So did the -always amazing support- they I get from Adam.

The reason I opened this thread was to inform the community about the hack, and help make Enhance better. And guess what? it did.

xyzulu

Sorry if my tone came across as disagreeable. I’m not here to argue. I was frustrated at the direction this thread appeared to have taken. I also sense that our first languages may not be the same, some nuances are lost.

gmakhs

xyzulu
You can't Disable password auth when Enhance UI offer's it as an option, that will be super confusing for users (i do agree with you though)

nhybgtvfr

I think the default for ssh should be password use disabled and ssh-key required.

although i suspect many end users wouldn't know how to create an ssh-key, perhaps where the panel allows the user to upload the public key, there should be a button they can click to generate a new key pair to use, and the user downloads the private key (panel refuses to store private key on the server)

have the option that the server admin can choose to allow password based ssh access if they want to, but it should definitely not be enabled by default.

webnestify

Why don't you just limit SSH port behind IP 🙂 With provider firewall is really eazy.

Splunge

Regarding these hack attempts, I note here an insecure script was used, possibly on an older version of PHP . Reading up a bit on Enhance, isn't every user account containerised, unlike DA , cPanel and the likes, jailing their user accounts? My question relates to security and if a user account gets "hacked" the hacker can't go any further as it's containerised, and cannot traverse accounts or gain root/admin privs unlike a poorly setup DA , cPanel & the like leaving doors open like open_basedir and not securing it (disabling PHP functions like exec, shell_exec) etc.... Sorry to waffle on here, as I'm trialing out this CP at the moment, it's interesting to see how it all works under the bonnet, to mitigate against any attacks like OP has experienced.

cPFence

Splunge Reading up a bit on Enhance, isn't every user account containerised, unlike DA , cPanel and the likes, jailing their user accounts?

Yes. Enhance containers (websites) are fully isolated, so if one account gets hacked the rest of the server stays secure. To our knowledge, no other panel offers this level of isolation out of the box, as they all rely on cloudlinux for that. Maybe DirectAdmin with the pro pack (bubblewrap/jailShell) gets you part of the way there, but it’s still not fully isolated like enhance or cloudlinux.

« Previous Page