[thelist] Possible exploit
Simon Willison
cs1spw at bath.ac.uk
Thu Nov 20 14:14:18 CST 2003
Keith Underdown wrote:
> My Awstats shows that various external sites, mostly bloggers, have
> included links to port 2082 on my website. This is the control panel.
> It goes to a verification screen. What's the purpose of this? Are there
> weaknesses in CPANEL that they are encouraging black hats to probe?
Do you check your site statistics using a tool in your control panel? If
so, what's probably happening is that other bloggers are checking their
own stats, seeing a link from YOUR stats to their site and following the
link back to your control panel where they realise that it's a password
protected tool and surf off somewhere else. If this is the case, the
referrals coming in to your control panel should be from sites that you
have received referrals from recently and checked out by clicking a link
in your own admin panel.
More information about the thelist
mailing list