Hackers are continuing to exploit a critical vulnerability in cPanel and WebHost Manager (WHM) software to take control of thousands of websites, according to a report from TechCrunch.
Security researchers first alerted the public to the flaw last Thursday. The bug allows attackers to hijack vulnerable servers through their control panels, according to the outlet.
Data from the nonprofit organization Shadowserver shows that more than 550,000 servers running cPanel remain potentially vulnerable as of Monday. This number has held steady for several days.
While the number of potentially vulnerable servers has not decreased, the number of active compromises is shifting. Shadowserver statistics indicate around 2,000 cPanel instances are likely compromised, a significant drop from the 44,000 instances identified last Thursday.
Ongoing exploitation
The scale of the exploitation is evident through search engine activity. TechCrunch reported that Google has indexed specific strings associated with the attacks, a sign of the visible damage caused by the breach.
Security researchers noted that the vulnerability allows attackers to take full control of the vulnerable servers. The vulnerability was disclosed nearly a week ago by the developers of the web server management software.
