If you use cPanel and WHM software, be alert—hackers could gain access to the admin panel..
In today's digital era, while many things have become easier, incidents of cybercrime are also on the rise. Scammers are constantly devising new methods to defraud people. Amidst this, the Indian Cyber Crime Coordination Centre (I4C) under the Ministry of Home Affairs has issued a warning for users of cPanel and WHM software. This information is based on complaints received via the National Cyber Crime Reporting Portal (NCRP). CERT-In has also issued a warning regarding this issue. It has been reported that hackers are exploiting this vulnerability to gain unauthorized access to servers and install ransomware. Let us understand this in detail.
**Hackers Gaining Access to Admin Panels**
In its advisory, I4C stated that a serious security vulnerability has been discovered in cPanel and WHM software—tools widely used by web hosting companies to manage websites, emails, and servers. The flaw is critical enough to allow hackers to gain direct access to the server's admin panel without requiring a password or login credentials.
**What is the Impact?**
**Admin Access**
Hackers or scammers can infiltrate the cPanel/WHM admin panel without needing a login or password.
**Malware Propagation**
Once the server is compromised, malicious web shells, malware, crypto-miners, or ransomware can be injected into it.
**Website Deletion**
Hackers can alter, corrupt, or even delete website data.
**Data Theft**
Hackers can steal data belonging to the company or its customers and misuse it.
**How to Stay Safe?**
**Update Immediately**
Update cPanel and WHM immediately to patch the security vulnerability.
**Restrict Admin Access**
Limit access to WHM/cPanel to trusted IP addresses only. Use firewalls or access control rules to enforce this restriction. Enable Multi-Factor Authentication
Be sure to enable Multi-Factor Authentication (MFA) for all administrator and critical accounts.
Back Up Critical Data
Always keep offline backups of the website, database, and server settings to ensure data remains safe in the event of a cyberattack.
Disclaimer: This content has been sourced and edited from NDTV India. While we have made modifications for clarity and presentation, the original content belongs to its respective authors and website. We do not claim ownership of the content.
