Dsant wrote:
On Thursday 02 May 2013 17:54:48 Cristian Rodríguez wrote:
On 02/05/13 07:38, Marcus Meissner wrote:
The intrusion vector is likely not apache2, the bad guys just replace the apache2 httpd binary. Most likely not apache ;)
How they achieved root access is a different topic. Apparently through the proprietary cPanel admin tool, which indeed has root privileges to modify anything on the system.
You're right: http://blog.sucuri.net/2013/04/apache-binary-backdoors-on-cpanel-based-serve...
So openSUSE is safe :) (Unless you install this proprietary tool)
I think you're reading too much into that one article. (Apart from the fact that one blog article is not necessarily 100% accurate.) They talk about a particular technique used with cPanel but they don't exclude other techniques in other circumstances. And at the end they say:

"We also don’t have enough information to pinpoint how those servers are initially being hacked, but we are thinking through SSHD-based brute force attacks."

Which certainly sounds different to a route exclusively through cPanel.

FWIW, I don't know anything about, use or have any other connection with cPanel.