03-28-2012, 08:44 AM
raymor
Confirmed User
 
Join Date: Oct 2002
Posts: 3,745
Quote:
Originally Posted by chaze
Have you ever hacked a cpanel server or seen one hacked from something cpanel provided?
That's our 9-5, so yeah. We've been doing this for 15 years, so I'd guess maybe 180 CPanel servers.

Quote:
I would like to know how you did this or how it was done, I am sure they would too!
I guess you didn't read the first few words of the post you quoted and replied to:
Quote:
Originally Posted by raymor
Knowing the CPanel code from having fixed various bugs in CPanel
I've sent them patches as well as systems design suggestions. If you'd like to know about them, read the CVEs.



Quote:
Our root passwords are kept offline and only our head tech has access. That way there is only one person in charge of this important information.
Translation - if one guy is asleep or anything happens to him, we're fucked and so are our customers.

Quote:
Mainly it helps newbies keep their sites safe and simple, this means most people don't need a webmaster that can turn on them like I have seen many times. That alone is some real security, not having to trust some webmaster.
Look at the clock. It's time to stop writing and start reading. Here's a good place to start:
http://www.securityfocus.com

I know your natural tendency is to want to argue with me. Stop. Look at the names on those CVEs at securityfocus and elsewhere. For example, here's a flaw I discovered that would let me take down Wikipedia and thousands of other sites with just a couple of clicks:
http://www.securityfocus.com/bid/51355

You'll see on the CVEs the flaws were discovered by "Ray Morris". That's "raymor", me. You are in the presence of professionals - the people who find and fix security flaws all day, every day. Right now it's time to shut up, listen, and learn. Next year, when you're answering a newbie's simple question, it will be time for you to talk.
__________________
For historical display only. This information is not current:
support@bettercgi.com ICQ 7208627
Strongbox - The next generation in site security
Throttlebox - The next generation in bandwidth control
Clonebox - Backup and disaster recovery on steroids

Last edited by raymor; 03-28-2012 at 08:49 AM.