Vat happened yesterday ah? Sammyboy tio hacked and held ransom?

 
If this site is compromised, then your passwords possibly too. Better change them before something untoward happens.
 
The site was not compromised and the database is intact. However, a zero-day vulnerability in cPanel enabled hackers to wipe the site off the face of the earth.
 
**Yes, there's a major ongoing wave of compromises hitting cPanel/WHM servers right now, tied to a critical vulnerability (CVE-2026-41940).**

This is a pre-authentication bypass (via CRLF injection in the login/session flow) that lets unauthenticated attackers gain full control of exposed cPanel & WHM (and WP Squared) instances. It affects all versions after 11.40. Exploitation has been happening in the wild since at least late February (as a zero-day), but it exploded after public details and PoCs dropped around April 28–29, with a massive surge on May 1.

### Key details on the scale and impact:
- **Thousands of servers hit quickly**: On May 1 alone, there was a huge spike — ~15,300 new malicious/compromised cPanel hosts (making up ~80% of new compromises that day in some tracking). Multiple campaigns are active.
- Attackers are deploying **Mirai botnet variants** (e.g., "nuclear.x86") for DDoS/IoT-style abuse on some servers.
- Others are hit with **".sorry" ransomware**, which encrypts files (often visible in open directories) and affects thousands more.
- Targets concentrate on VPS/cloud providers (DigitalOcean, Contabo, OVH, etc.). Roughly 1–1.5 million cPanel instances are exposed on the internet, making mass scanning/exploitation easy.

cPanel released emergency patches on April 28. CISA added it to the Known Exploited Vulnerabilities catalog, urging quick action.

### What you should do if you run or use cPanel/WHM servers:
- **Patch immediately** — Use the updater (`/scripts/upcp --force`) or your host's tools. Check your version.
- Rotate credentials, review logs for suspicious auth/activity (especially around late April–May 1), and scan for indicators like the ".sorry" files, unusual binaries, or Mirai C2 traffic.
- If unpatched and internet-exposed, assume compromise and rebuild if possible.
- Hosting providers have been blocking ports temporarily and pushing updates.

This isn't the earlier Stryker incident (March 2026 Iran-linked wiper attack on ~80k–200k devices via Microsoft Intune abuse) — that's weeks old. The current buzz is specifically this cPanel wave.

If you're seeing this on specific servers or have more details (e.g., error messages, hosting provider), I can help narrow it down further. Stay safe and patch!
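
A sweep for the ".sorry" file indicator named in the post above, as an added example that is not part of the thread. It assumes affected files carry names ending in `.sorry` and a GNU or BusyBox userland (`find -maxdepth`, `stat -c`); the function names are made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread): triage sweep for the ".sorry" indicator.
# Assumption: affected files have names ending in ".sorry".

# sorry_files ROOT: print every regular file under ROOT whose name ends in .sorry.
sorry_files() {
    find "$1" -xdev -type f -name '*.sorry' 2>/dev/null
}

# sorry_summary ROOT: one line per affected directory, "<hits> <total> <dir>",
# most hits first. A directory where hits is close to total points to bulk
# encryption rather than a single stray file.
sorry_summary() {
    sorry_files "$1" | while IFS= read -r f; do dirname "$f"; done | sort -u |
    while IFS= read -r dir; do
        hits=$(find "$dir" -maxdepth 1 -type f -name '*.sorry' | wc -l | tr -d ' ')
        total=$(find "$dir" -maxdepth 1 -type f | wc -l | tr -d ' ')
        printf '%s %s %s\n' "$hits" "$total" "$dir"
    done | sort -k1,1nr
}

# sorry_window ROOT: print "<earliest> <latest>" modification time (epoch
# seconds) across all hits, or nothing when there are none. The window tells
# you which stretch of the auth and access logs to read first.
sorry_window() {
    sorry_files "$1" | while IFS= read -r f; do stat -c %Y "$f"; done |
    sort -n | awk 'NR == 1 { min = $1 } { max = $1 } END { if (NR) print min, max }'
}

# Stand-alone use: sh sweep.sh /path/to/docroot
if [ "$#" -gt 0 ]; then
    sorry_summary "$1"
    echo "mtime window (epoch): $(sorry_window "$1")"
fi
```

An empty result only means this one indicator is absent under the path you gave; it says nothing about the other indicators the post lists.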
 
The hackers' bitcoin account increased by 2 USD only; no victim paid. They are so smart, must be unvaccinated and women-free.
 