September 28, 2006

Web hosting company HostGator wrote a recent letter to hosting control panel software provider cPanel asking that the company engage independant security technicians for a full security audit of the cPanel/WHM codebase.

The move is in relation to last weekend's security attack that largely exploited a security flaw in cPanel hosting to gain access to HostGator and several other Web hosts.

The letter states, "the evidence of a local privilege escalation compromise, the large scale issues experienced by the Hostgator group, and the closed source nature of your management platform are the underlying reasons for a formal audit request.

At this point in time we require assurance from a third party entity that your codebase provides a secure operating environment for our users."

HostGator also requested that any audit include fixes to all discovered security issues and full disclosure be provided to cPanel partners and distributors once an appropriate time had been provided.

"We wish to emphasize that we are making this request as loyal customers who want to see your product succeed, as it is in the best interest of everyone that your product be as secure as possible," writes HostGator.

The letter was written on September 24 on behalf of Web hosting providers Network Redux, BlueHost, Rails Playgound, Clear-Data Internet Services, HostingZoom and Myriad Network.

Source: The WHIR