[thelist] Possible exploit

Simon Willison cs1spw at bath.ac.uk
Thu Nov 20 14:14:18 CST 2003

Keith Underdown wrote:

> My Awstats shows that various external sites, mostly bloggers, have 
> included links to  port 2082 on my website. This is the control panel. 
> It goes to a verification screen. What's the purpose of this? Are there 
> weaknesses in CPANEL that they are encouraging black hats to probe?

Do you check your site statistics using a tool in your control panel? If 
so, what's probably happening is that other bloggers are checking their 
own stats, seeing a link from YOUR stats to their site and following the 
link back to your control panel where they realise that it's a password 
protected tool and surf off somewhere else. If this is the case, the 
referrals coming in to your control panel should be from sites that you 
have received referrals from recently and checked out by clicking a link 
in your own admin panel.

More information about the thelist mailing list