Last month I ran a security audit on a production WHM/cPanel server. It belonged to a web agency hosting a couple dozen client sites — WordPress, WooCommerce, the usual stack.

The server had been running for years without anyone really looking at it. Sites were up, clients were happy, nobody touched anything. Sound familiar?

Here's what I found:

OpenSSH vulnerable to a critical CVE (remote code execution class — the kind you patch the day it's announced, not years later)

SSH open to the world on port 22, root login enabled, password authentication on
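
A quick way to check a host for the SSH settings in the finding above, as an added example that is not part of the original audit: the function reads effective configuration in the format printed by `sshd -T`. The function names and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): flag the SSH settings named above.
# Input is effective configuration as printed by `sshd -T` (keyword, then value).

audit_sshd() {
    # Reads config lines on stdin; prints one FINDING line per weak setting.
    awk '
        { key = tolower($1); val = tolower($2) }
        key == "listenaddress" && val ~ /^(0\.0\.0\.0|\[::\]):/ {
            print "FINDING listenaddress: all interfaces (" $2 "), check the firewall"
        }
        key == "permitrootlogin" && val == "yes" {
            print "FINDING permitrootlogin: root may log in with a password"
        }
        key == "passwordauthentication" && val == "yes" {
            print "FINDING passwordauthentication: passwords accepted"
        }
        # Keyboard-interactive (older keyword: challengeresponse...) can still
        # prompt for a password through PAM when the setting above is off.
        key ~ /^(kbdinteractive|challengeresponse)authentication$/ && val == "yes" {
            print "FINDING " key ": keyboard-interactive login accepted"
        }
    '
}

# Constructed sample resembling the server described above.
sample_weak() {
    cat <<'EOF'
port 22
listenaddress 0.0.0.0:22
permitrootlogin yes
passwordauthentication yes
kbdinteractiveauthentication no
EOF
}

# Constructed sample of a tightened configuration (address is a placeholder).
sample_hardened() {
    cat <<'EOF'
port 22
listenaddress 192.0.2.10:22
permitrootlogin no
passwordauthentication no
kbdinteractiveauthentication no
EOF
}

# Demo on the constructed input; on a real host, as root: sshd -T | audit_sshd
sample_weak | audit_sshd
```

A wildcard listen address only means exposure if no firewall rule restricts the port, so confirm that finding against the host's firewall rules.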