cPanel CSRF security issue

Over the weekend, security researchers announced that cPanel, the popular web-hosting control panel, is vulnerable to CSRF (Cross-Site Request Forgery) attacks.

The attacks can happen when you visit a malicious web site that contains code which makes your browser send requests to cPanel while you are still logged in; because the browser attaches your cPanel session cookie to those requests automatically, cPanel treats the forged commands as if you had issued them yourself.
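To make the mechanism concrete from the defending side, here is an added example (not cPanel's code; the request shape, the `panel.example.test` origin and the handler names are assumptions for illustration). It models what a control panel has to check on a state-changing request before trusting it: the browser sends the session cookie on its own, so a cookie alone proves nothing, and the server also needs an Origin/Referer that belongs to the panel and a per-session token that a third-party page cannot read.

```python
"""Minimal CSRF guard for state-changing requests (added illustration)."""
import hmac
import secrets
from dataclasses import dataclass, field

ALLOWED_ORIGIN = "https://panel.example.test:2083"   # assumed panel origin
SESSIONS = {}   # session id -> {"user": ..., "csrf": per-session token}


def new_session(user):
    """Log a user in: issue a session id and a random CSRF token bound to it."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid


@dataclass
class Request:
    method: str
    path: str
    cookies: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


def csrf_check(req):
    """Return (ok, reason). Read-only methods are not CSRF-relevant."""
    if req.method in ("GET", "HEAD", "OPTIONS"):
        return True, "safe method"
    sess = SESSIONS.get(req.cookies.get("session"))
    if sess is None:
        return False, "no session"
    # 1. Origin (or Referer) must be the panel itself. A page on another
    #    site cannot make the browser forge these headers.
    origin = req.headers.get("Origin") or req.headers.get("Referer", "")
    if not origin.startswith(ALLOWED_ORIGIN):
        return False, "cross-site origin"
    # 2. The form must carry the token tied to this session. The browser
    #    attaches cookies automatically, but a foreign page cannot read the
    #    token out of the panel's HTML, so it cannot supply it.
    token = req.form.get("csrf_token", "")
    if not hmac.compare_digest(token, sess["csrf"]):
        return False, "missing or wrong token"
    return True, "ok"


def legitimate_request(sid):
    """Constructed: a form submitted from a page the panel itself served."""
    return Request("POST", "/frontend/change_password",
                   cookies={"session": sid},
                   headers={"Origin": ALLOWED_ORIGIN},
                   form={"csrf_token": SESSIONS[sid]["csrf"], "pw": "new"})


def cross_site_request(sid):
    """Constructed: the same POST triggered by a page on another site while
    the user is still logged in. The cookie rides along; the token does not."""
    return Request("POST", "/frontend/change_password",
                   cookies={"session": sid},
                   headers={"Origin": "https://untrusted.example.test"},
                   form={"pw": "attacker-chosen"})


def demo():
    sid = new_session("alice")
    return {
        "legitimate": csrf_check(legitimate_request(sid)),
        "cross_site": csrf_check(cross_site_request(sid)),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Both checks matter: the origin check fails closed on a forged request even before the token is examined, and the token check still protects a request whose Origin header is absent or manipulated by a misbehaving client. Logging out, as cPanel advises, works because it removes the session the cookie refers to, so step one of `csrf_check` already rejects the request.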

This vulnerability has not yet (at the time of writing) been fixed; however, there are some steps you can take to help prevent being attacked. cPanel recommends the following:

  • Do not remain logged into any web applications or interfaces while browsing untrusted sites. Always completely log out of browser sessions for sensitive sites when activities have been completed.
  • Avoid opening spam or websites, or clicking on links, that you do not trust, especially URL-shortening services found on many social media sites.
  • Update your current passwords within cPanel on a regular basis and maintain strong password discipline.

You could also use a second browser for administering cPanel while surfing in another, but it’s still a good idea to log out fully (click the “log out” link rather than just closing the browser) once you have finished.

You can read cPanel’s statement here and more on The Register here.