Head Developer & Project Leader
ZPanel in the news 'attacked by Anonymous'
ZPanel has been mentioned on various news sites this week citing claims that the hacker group 'Anonymous' have stated that they have managed to force a password resets on Zpanel installations using a zero day attack.
We were made aware of this bug several months back by our professional security firm 'WebSec' and we have already released a fix of which is implemented in version 10.0.1 of ZPanel.
We can therefore only assume that 'Anonymous' was 'hacking' version 10.0.0 of ZPanel of which we have already released a fix for back in August of this year!
Some news websites have stated that 'Anonymous' had managed to obtain passwords from ZPanel installations - We would like to categorically state that all account passwords are stored as a non-reversible 'salted' hash meaning that any passwords obtained could not have been in plain-text. Additionally, encrypted passwords would only have been extracted from the few users of ZPanel that failed to upgrade to the latest version despite official forum announcements at the time the patch was released earlier this year and automatic version checking warnings that the ZPanel software provides.
We would also like to officially state that we have yet to have seen proof of the alleged 28,000 passwords.
If you have any questions please post in our 'General Support' forum.
Bobby & The ZPanel Team
Last edited by lottfy; 06-11-2012 at 11:42 AM.