Security Issues Across Linux OS'

Started by Skhilled, May 07, 2026, 08:20:32 PM

Skhilled

I'm sorry that I haven't been around but I've been through server hell and back. LOL

The reason is that I was having server issues with older forums and WordPress sites that weren't upgraded and were still using older PHP versions. Those versions are outdated and can cause security vulnerabilities, as well as just operating issues. Those sites started having problems, although they were warned well ahead of time.

Fast forward to the present... There eventually came a hacking that had nothing to do with their issues, which compounded things even further, making it harder to tell what was going on. While trying to fix some of the former issues, I started noticing some strange attempts on the server. So, I decided to move to new hosting, as the one I was with was no help at all!

About a week after moving to the new hosting, I slowly started receiving login emails from "unknown sources". This usually means that one or more persons have gained access who were not supposed to be there. I mean Admin access. Luckily, I had already moved everything and am HOPING all is good with the new hosting. So far, everything has been good. I even paid for CloudLinux, which will give you older PHP versions which they keep updated, as well as other things. I've seen CloudLinux for a long time but have never thought that I would need them, until now! :) Yes, I was using Contabo Hosting and they currently are not answering any support tickets "due to high demand". It's been a few days for me now. So, I can only think that, maybe, a lot of their servers were hacked, unfortunately! :(

Here are the current security issues I've faced and have noticed, thus far:

Copy Fail: 732 Bytes to Root on Every Major Linux Distribution:

https://xint.io/blog/copy-fail-linux-distributions

Dirty Frag [CVE Pending]: Mitigation and Kernel Update on CloudLinux:

https://blog.cloudlinux.com/dirty-frag-mitigation-and-kernel-update

I hope that this will help others to protect themselves and others. :)
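The "login emails from unknown sources" described above are the kind of signal you can also pull straight out of the sshd auth log rather than waiting for the hosting panel to mail you. The following is an added example (not code from this thread or from any of the linked vendors): it scans syslog-format sshd lines for accepted logins and flags any whose source address is outside an allowlist of expected admin networks, plus any password-based login where keys are the intended policy. The log lines, the allowlisted network and all addresses are constructed.

```python
"""Flag accepted SSH logins that came from an unexpected source.

Added example, not the forum's or any vendor's code. Reads sshd lines in
classic syslog format and reports accepted logins whose source address is
outside ALLOWED_SOURCES, and any login that used a password rather than
a key. Log lines, networks and addresses are constructed sample data.
"""
import ipaddress
import re

# Constructed: the only networks an admin is expected to log in from.
ALLOWED_SOURCES = [ipaddress.ip_network("198.51.100.0/24")]

# Constructed sample sshd entries (documentation-range addresses).
SAMPLE_LOG = """\
May  7 19:58:02 web1 sshd[2411]: Accepted publickey for admin from 198.51.100.7 port 51234 ssh2: ED25519 SHA256:abc
May  7 20:01:15 web1 sshd[2450]: Failed password for root from 203.0.113.9 port 41022 ssh2
May  7 20:03:40 web1 sshd[2466]: Accepted password for deploy from 203.0.113.9 port 41100 ssh2
May  7 20:10:05 web1 sshd[2480]: Accepted publickey for admin from 192.0.2.33 port 60001 ssh2: ED25519 SHA256:abc
"""

# Matches only successful logins; failed attempts are a separate (noisier) signal.
ACCEPTED_RE = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) "
    r"from (?P<ip>\S+) port (?P<port>\d+)"
)


def is_allowed(ip: str) -> bool:
    """True when the address falls inside one of the expected admin networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ALLOWED_SOURCES)


def suspicious_logins(log_text: str):
    """Return (user, ip, method, reason) for each accepted login worth an alert."""
    findings = []
    for line in log_text.splitlines():
        m = ACCEPTED_RE.search(line)
        if not m:
            continue
        reasons = []
        if not is_allowed(m["ip"]):
            reasons.append("source not in allowlist")
        if m["method"] == "password":
            reasons.append("password login (key-only policy)")
        if reasons:
            findings.append((m["user"], m["ip"], m["method"], "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for user, ip, method, reason in suspicious_logins(SAMPLE_LOG):
        print(f"ALERT user={user} from={ip} via={method}: {reason}")
```

On a real host you would feed it `/var/log/auth.log` or `/var/log/secure` (or `journalctl -u ssh`) and compare the flagged addresses against the ones in the panel's "unknown source" emails; a publickey login from an address you don't recognise, as in the last sample line, means a key you did not issue is in an `authorized_keys` file and is the first thing to audit.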

Chen Zhen

#1
How did the hack work, exactly?
I read the 2 articles and it sounds like the "Copy Fail" exploit is hacking the cache to trick the host & continue a root session.
So it bypasses an encrypted SSH key pair by doing this?

Do you also use a random unused high numbered port? (you should)

I've had some attacks recently that I patched up by reconfiguring things but luckily nothing like this as far as I know.
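The port question in the reply above is easy to check mechanically, along with the two settings that matter more than the port number: whether password logins are still accepted and whether root can log in directly. This is an added example (not code from the thread): a small audit that parses an `sshd_config` the way sshd does (first occurrence of a keyword wins, `#` lines are comments) and reports the weak settings, shown against a constructed default-looking config and a hardened one. The keyword names and the OpenSSH defaults it assumes (`Port 22`, `PasswordAuthentication yes`, `PermitRootLogin prohibit-password`) are real; the port number and both config texts are constructed.

```python
"""Audit an sshd_config for a default port, password auth and root login.

Added example, not the forum's code. Parses the config the way sshd does
(first occurrence of a keyword wins; lines starting with '#' are comments)
and returns findings. OpenSSH defaults are real; the two config texts
below are constructed.
"""

# Constructed: a default-looking config as many images ship it.
WEAK_CONFIG = """\
# default-ish sshd_config
Port 22
PermitRootLogin yes
PasswordAuthentication yes
"""

# Constructed: the hardened equivalent (51022 is an arbitrary unused high port).
HARDENED_CONFIG = """\
# keys only, no root shell over SSH, non-default port
Port 51022
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
"""

# Values sshd uses when the keyword is absent (OpenSSH defaults).
DEFAULTS = {
    "port": "22",
    "passwordauthentication": "yes",
    "permitrootlogin": "prohibit-password",
}


def parse_sshd_config(text: str) -> dict:
    """Return {keyword (lowercased): value}; sshd honours the first occurrence."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        settings.setdefault(key, value)  # keep the first value, like sshd
    return settings


def audit_sshd_config(text: str) -> list:
    """Return human-readable findings; an empty list means all three checks pass."""
    s = parse_sshd_config(text)
    findings = []
    if s.get("port", DEFAULTS["port"]) == "22":
        findings.append("Port is 22 (default): move to an unused high port to cut scanner noise")
    if s.get("passwordauthentication", DEFAULTS["passwordauthentication"]) == "yes":
        findings.append("PasswordAuthentication yes: disable it and use keys only")
    if s.get("permitrootlogin", DEFAULTS["permitrootlogin"]) == "yes":
        findings.append("PermitRootLogin yes: set to no and use sudo from a named account")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}: {audit_sshd_config(cfg) or ['ok']}")
```

Run it against `/etc/ssh/sshd_config` (and the files under `/etc/ssh/sshd_config.d/`, which on recent distributions are included first and therefore win) before restarting sshd, and validate the edited file with `sshd -t` so a typo does not lock you out. The port change only reduces automated noise; the setting that actually closes the door on the guessed-password logins is `PasswordAuthentication no`.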

Skhilled

Personally, I'm not sure how it worked. All I know is what I've read. cPanel has also had one or more upgrades because of hackings, etc.

I do use a different port and have for a very long time. The problem is that they can take over a local user account and turn it into an admin account...from what I've been reading. I've recently installed CloudLinux on my new server and they keep the older PHP versions up to date, but, you do have to pay for it. I got it so that I could fix the SMF versions that were running SMF 2.0x and needed PHP 7.x or other outdated PHP versions. And they do work. :) After I get the older versions straightened out, I'll probably disable CloudLinux, maybe. Their support is very good and they will help you fix any problems even if they need access to your server and do it themselves. :)

So, I've been running around letting everyone that I know who runs a server know, so that they and their users will be safe. :D