[thelist] Possible exploit

Keith Underdown keith.underdown at qconsultancy.co.uk
Fri Nov 21 15:20:35 CST 2003

On Thu, 20 Nov 2003 12:37:20 -0700, patrick <pms at stoutstreet.com> wrote:

> does your CP default to the panel login when you get a 404?
> patrick sanders
> http://www.stoutstreet.com
> web sites that fit
> Keith Underdown wrote:
>> My Awstats shows that various external sites, mostly bloggers, have
>> included links to port 2082 on my website. This is the control panel.
>> It goes to a verification screen. What's the purpose of this? Are
>> there weaknesses in CPANEL that they are encouraging black hats to
>> probe?
>> There's no evidence of anyone getting through. The last logon info
>> always corresponds to me.

It's set up by my host and I'm not up to speed on it. It seems to be a
permissions thing. I get the standard logon panel.

The odd thing is that these sites:


no longer work properly for me. They mostly give me the Apache test page.
I could get to some of them yesterday and could see that their links list
contained a number of :2082 references, which is what alerted me to a
possible concerted action against CPANEL controlled sites. I've even tried
on a dial-up connection to ensure that I've got a different IP address and
entered the URLs manually.

It's all very peculiar.

Keith Underdown (Managing Director)
The Q Consultancy Ltd
KALIDO Information Architectures Specialists
+44 7798 934782
