TOP 10 WEB HOSTING

Inmotion Web Hosting Bluehost Web Hosting WebHostingPad Web Hosting JustHost Web Hosting Hostmonster Web Hosting Globat Web Hosting Yahoo Web Hosting GoDaddy Web Hosting Lunarpages Web Hosting Dot5Hosting Web Hosting

RECOMMENDED

ads ads ads ads

Latest Zamfoo version sends your ROOT PASSWORD by e-mail back to them!

From a thread I’ve just seen over at DigitalPoint:

http://forums.digitalpoint.com/showthread.php?t=1392703

Quote:

First of all, What I am going to disclose here is not a fake statement.
I am also the user of Zamfoo and like this script spacially support of Zamfoo.
But I found that every time when you run zamfoo upgrade, Zamfoo decode the server root password and send that password to support@zamfoo.com.
See below email,

Code:
version 3.1 license: xxxxxxxxxxxxxxx

 debugger: Summary of my perl5 (revision 5 version 8 subversion 8) configuration:

 Platform:

  osname=linux, osvers=2.6.18-128.1.1.el5.028stab062.3, archname=i686-linux

  uname='linux Serverhost name 2.6.18-128.1.1.el5.028stab062.3 #1 smp sun may 10 18:54:51 msd 2009 i686 i686 i386 gnulinux '

  config_args='-ds -e -Dprefix=/usr/local -Doptimize=-Os -Duseshrplib -Dusemymalloc=y'

  hint=recommended, useposix=true, d_sigaction=define

  usethreads=undef use5005threads=undef useithreads=undef usemultiplicity=undef

  useperlio=define d_sfio=undef uselargefiles=define usesocks=undef

  use64bitint=undef use64bitall=undef uselongdouble=undef

  usemymalloc=y, bincompat5005=undef

 Compiler:

  cc='cc', ccflags ='-fno-strict-aliasing -pipe -Wdeclaration-after-statement -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm',

  optimize='-Os',

  cppflags='-fno-strict-aliasing -pipe -Wdeclaration-after-statement -I/usr/local/include -I/usr/include/gdbm'

  ccversion='', gccversion='4.1.2 20080704 (Red Hat 4.1.2-44)', gccosandvers=''

  intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234

  d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12

  ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8

  alignbytes=4, prototype=define

 Linker and Libraries:

  ld='cc', ldflags =' -L/usr/local/lib'

  libpth=/usr/local/lib /lib /usr/lib

  libs=-lnsl -lgdbm -ldb -ldl -lm -lcrypt -lutil -lc

  perllibs=-lnsl -ldl -lm -lcrypt -lutil -lc

  libc=/lib/libc-2.5.so, so=so, useshrplib=true, libperl=libperl.so

  gnulibc_version='2.5'

 Dynamic Linking:

  dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E -Wl,-rpath,/usr/local/lib/perl5/5.8.8/i686-linux/CORE'

  cccdlflags='-fpic', lddlflags='-shared -L/usr/local/lib'

 

 

Characteristics of this binary (from libperl):

 Compile-time options: MYMALLOC PERL_MALLOC_WRAP USE_LARGE_FILES

                      USE_PERLIO

 Built under linux

 Compiled at Jun  3 2009 02:53:21

 @INC:

  /usr/local/lib/perl5/5.8.8/i686-linux

  /usr/local/lib/perl5/5.8.8

  /usr/local/lib/perl5/site_perl/5.8.8/i686-linux

  /usr/local/lib/perl5/site_perl/5.8.8

  /usr/local/lib/perl5/site_perl

  .

 

 querystring: license=YouZamfooLicenseDetail

 compare:

 capture: read_license,pathtranslated,php_exec_curl,parse xml,parseurl,

 capture2: PATH=/usr/local/jdk/bin:/usr/kerberos/sbin:/usr/kerberos/bin:/usr/lib/courier-imap/sbin:/usr/lib/courier-imap/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/usr/local/bin:/usr/X11R6/bin:/root/bin:/opt/bin

DOCUMENT_ROOT=/usr/local/cpanel/base

SERVER_SOFTWARE=cpaneld

CPANEL=active

SERVER_PORT=2086

SERVER_PROTOCOL=HTTP/1.1

GATEWAY_INTERFACE=CGI/1.1

DNS=yourdomain.com

REMOTE_HOST=212.116.219.101

REMOTE_ADDR=212.116.219.101

REMOTE_PORT=38184

SERVER_ADDR=YourServerMainIP

REQUEST_METHOD=GET

CONTENT_LENGTH=

QUERY_STRING=

ACCEPT_ENCODING=gzip,deflate

TRANSFER_ENCODING=

REQUEST_URI=/cgi/zamfoo/zamfoo_b9_toolset.cgi

SCRIPT_URI=/cgi/zamfoo/zamfoo_b9_toolset.cgi

HTTP_X_FORWARDED_FOR=xxxxxxxx

HTTP_USER_AGENT=Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11

HTTP_REFERER=http://xxxxxxxxxxxxx:2086/cgi/zamfoo/zamfoo_landing_root.cgi

CONTENT_TYPE=

HTTP_COOKIE=logintheme=cpanel; whostmgrrelogin=no; whostmgrsession=closed

HTTP_ACCEPT_CHARSET=ISO-8859-1,utf-8;q=0.7,*;q=0.7

HTTP_ACCEPT_ENCODING=gzip,deflate

HTTP_ACCEPT_LANGUAGE=en-us,en;q=0.5

HTTP_ACCEPT=text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

HTTP_HOST=ServerMainIP

SERVER_NAME=ServerMainIP

SUBID=

UPLINK=

REMOTE_USER=root

REMOTE_PASSWORD=xxxxxxxxxxx

SCRIPT_NAME=/cgi/zamfoo/zamfoo_b9_toolset.cgi

SCRIPT_FILENAME=/usr/local/cpanel/whostmgr/docroot/cgi/zamfoo/zamfoo_b9_toolset.cgi

REDIRECT_STATUS=1

I have change and bold the my server detail.

How can you test in your server?

I don’t know its work for you or not but try it.
Create a cPanel account with domain zamfoo.com
then create a email Id in this account via cPanel support@zamfoo.com

now run upgrade via Zamfoo >> B9 Tool Set – BETA >> check Update ZamFoo
and click do it

After that check email of support@zamfoo.com
You will see the email above.

Method 2:
Block all out going email then check Mail Queue Manager under root WHM after upgrade Zamfoo you will see this email.

—-

This certainly does seem worrying for a piece of hosting software, it has been confirmed by the producer of the script later on in the thread and they’re working on a patch . . . they said it was put in by accident.

I don’t use the software personally, never will touch anything to do with master reseller. I thought I’d post a thread here since there isn’t one currently.

Share zogit.com with your friends:
  • Digg
  • Sphinn
  • del.icio.us
  • Facebook
  • Mixx
  • Google Bookmarks
  • Live
  • MySpace
  • ppnow
  • StumbleUpon
  • TwitThis
  • Yahoo! Buzz
  • Technorati
  • Share/Bookmark

No Response to “Latest Zamfoo version sends your ROOT PASSWORD by e-mail back to them!” »

No comments yet.

RSS feed for comments on this post.

Leave a comment

e-storage pro Wordpress Theme