Thanks for the info. May be this could be an issue why my hostgator account got compromised. http://forums.digitalpoint.com/showthread.php?t=738896
Patched in builds later than 21594 Or if you go by version then you're looking at: For 11.19.x Everything 11.19.2 or newer is patched For 11.18.x Everything 11.18.2 or newer is patched This actually hit a few big hosts just like the 0 day kernel exploit. Seems some of these exploits are targeting big hosts.
Hey everyone, To check to see if your Dedicated servers were affected at all by this exploit, you can run the command below. If there is output it could possibly mean you were exploited. If there is nothing, then you should be perfectly fine. mysql -e "use horde ; select * from horde_prefs WHERE pref_name = 'theme' AND pref_value LIKE '%..%';" Code (markup): To get Horde up and running with the patched version, you may run the following commands. chattr -ia -V /usr/local/cpanel/base/horde/index.php /scripts/upcp --force Code (markup):
Really, all you need to do is /scripts/upcp or update it via WHM. No need for force at all here. (or for the chattr command)
HostGator provides a more stringent regex patch than cPanel does, and across their entire board, they disabled Horde and chattr +ia'd it. Once you /scripts/cpup though, cPanels version takes over.
Service providers such as HostGator seem to be taking a big hit for the vulnerabilities within their 3rd party software configuration setups. It would certainly explain why Dreamhost and others have started to roll up some of their own inhouse tools and have gotten rid of the fantastico type installation tools.