Own a Server? (Remove Fantastico now)
Posted by BitSurFer, 04-30-2007, 08:31 PM Hello EveryOne If you have Fantastico installed in your server Remove it now or you will get hacked they can get your server root I can't paste the exploit here Thanks
Posted by boonchuan, 04-30-2007, 08:54 PM Maybe you can contact Fantastico of what you have found and give them the exploit, this will help far more people than posting it here.
Posted by Alex, 04-30-2007, 09:19 PM Yes, how do we know your information is even valid? I would say 95% of all Fantastico hacks are really just people who don't bother to update Fantastico installed scripts. That being said, I don't have Fantastico on any of my boxes, and will probably never have it, due to the security problems that come from users installing old scripts and forgetting about them. I would much rather take 5 minutes to install the script for the user correctly than let a script on the server attempt to do it. Alex
Posted by SoFiMaN, 04-30-2007, 09:22 PM I am not using fantastico but I heared there was one long time ago and I believe they fixed it. If its a new one I would do as boonchaun said and contact them directly. Last edited by SoFiMaN; 04-30-2007 at 09:33 PM.
Posted by whmcsguru, 05-01-2007, 03:10 AM While it's never advisable to post an exploit publically, it makes you look bad when you refuse to post at least some details of the exploit, and takes credibility away from you. Fantastico itself is most likely NOT vulnerable, but an internal application of it MAY be (most likely one of the *nukes or WP). Without details again, your credibility is pretty much shot.
Posted by bdwarr6, 05-01-2007, 05:04 PM I am sure that if it was a widespread issue with the latest version we would be hearing alot more about it as thousands if not close to a million servers are running it.
Posted by jpetersen, 05-05-2007, 12:14 PM BitSurFer - was there ever anything to validate your claims, or was this just FUD?
Posted by Galaxy-Hosts, 05-05-2007, 12:30 PM I think the OP is referring to this exploit http://milw0rm.com/exploits/3459 . That exploit has been patched http://www.netenberg.com/forum/viewtopic.php?t=5614 . So rather than uninstalling Fantastico, just make sure it is updated.