The providers of the cPanel website management application are warning some users to immediately change their systems' root or administrative passwords after discovering one of its servers has been hacked.
In an e-mail sent to customers who have filed a cPanel support request in the past six months, members of the company's security team said they recently discovered the compromise of a server used to process support requests.
"While we do not know if your machine is affected, you should change your root level password if you are not already using SSH keys," they wrote, according to a copy of the e-mail posted to a community forum. "If you are using an unprivileged account with 'sudo' or 'su' for root logins, we recommend you change the account password. Even if you are using SSH keys we still recommend rotating keys on a regular basis."cPanel Hack: Users Should Change Root and Account Passwords [arstechnica.com]