Website hosting provider cPanel has been sending out emails to their customers who have filed cPanel or WHM support requests in the past six months. Members of their security team stated that they recently discovered the compromise of a server which had been used to process support requests. The providers of the cPanel website management application are warning users to immediately change their systems’ root or administrative passwords after discovering one of its servers has been hacked.
The hosting provider does not know for certain the extent of the hack or what, if any, information was stolen during the compromise. Since the nature/extent of compromise is still unknown to them it is been advised by cPanel Security Team to take immediate action on the servers. It is highly recommended to change the server root level password or If you are using an unprivileged account with “sudo” or “su” for root logins, it is recommend to change the account password as well.
You are receiving this email because you have opened a ticket with our support staff in the last 6 months. cPanel, Inc. has discovered that one of the servers we utilize in the technical support department has been compromised. While we do not know if your machine is affected, you should change your root level password if you are not already using ssh keys. If you are using an unprivileged account with “sudo” or “su” for root logins, we recommend you change the account password. Even if you are using ssh keys we still recommend rotating keys on a regular basis.
As we do not know the exact nature of this compromise we are asking for customers to take immediate action on their own servers. cPanel’s security team is continuing to investigate the nature of this security issue.
–cPanel Security Team
As a precaution, we recommend that you follow the advice contained in the email above. Likewise, if you commonly reuse credentials, such as User Names or Passwords, it may be prudent to have these updated on any other services you use them on.
cPanel’s security team is continuing to investigate the nature of this security issue. The cPanel compromise is the latest in a long string of high-profile hacks to be disclosed over the past few weeks.
Reference link on how to check your system’s integrity: