Jump to content
MDDHosting Forums

Forced Global cPanel, WHM, and VPS Password Resets


Michael D.

Recommended Posts

Update:

The compromise originated with the email account of one of our administrators becoming compromised. This enabled the attacker to reset that administrator's password and gain access to our support system. We've added additional layers of security to our support system as a result. Even if a malicious individual obtains an administrator username and password, they will be unable to access our support system with that information alone from this point forward.

 

Original Message:

Hello,

 

On Wednesday, February 13, 2013 at approximately 7:20 AM we were alerted by our intrusion systems that a third party had obtained access to our support system. We locked down the system nearly immediately and have performed several hours of investigation to identify what data, if any, the attacker had access to. As a part of this investigation we have added additional layers of security and are working with our software vendor to further investigate.

 

We do not store credit card information in our support system, however, our support system does store cPanel passwords. We've chosen to forcefully reset all cPanel and WHM passwords across all servers to ensure that they remain safe and secure. We have also sent out an email to all clients providing more details on the situation as well as providing step-by-step instructions on setting new passwords. While this may be overkill, the potential consequences of not taking such a quick and targeted action could result in substantial damage should the attacker have obtained your control panel password.

 

We do understand that you may find yourself blocked due to trying to log in before seeing this forum post or the email we've sent. In the event that you're not able to load cPanel or you are not able to connect to the server or any sites on said server at all do please open a ticket with our technical support department and we'll get you unblocked.

 

You are welcome to ask any general questions here (i.e. anything not specific to your account) but do please save any account-specific questions for a support ticket. You are certainly welcome to respond to the message that we've emailed to you with any questions you may have.

 

Thank you,

Link to comment
Share on other sites

An update with some additional information based upon replies to our email message.

 

No servers were compromised or hacked, we reset the passwords of all cPanel accounts as a pro-active measure to ensure account security after the unauthorized access to our support system.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...