Melange Chat Server
I was setting up a server yesterday and I came across something running on port 6666. Telnetting to it, a chat interface appeared on my screen. I couldn't find its entry in ps aux, inetd.conf, or xinetd conf files, but I finally found the name of the program listening on that port with lsof. It was running from the /usr/local/cpanel dir! It ended up being the Melange Chat Server, an IRC-like chat server that you can telnet to and talk.
Anyways, I googled it, and I found that the Melange Chat Server comes with CPanel, and runs on port 6666 (a common IRC port). It allows customers to set up chat rooms on their site, but it seems to be a security risk to me.
First, it's always good to get rid of all unneeded services.
Second... Melange is written in C, so it is potentially vulnerable to buffer overflows (haven't checked the source) and other dangerous exploits. While I don't believe it runs as root, it could be used as a "stepping stone" to gain more access to a system.
Finally, because it runs on port 6666, many script kiddie portscanners will "flag" it as a potentially vulnerable server, because it's often possible to get op status by DoSing IRC servers.
I was just wondering how many CPanel hosts run Melange. An explanation would be great, if you have time.
Thanks!
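The lsof lookup described in the post, generalized into an allow-list audit of listening ports. This is an added example, not part of the original post; the sample lsof output, the PIDs, the process name `chatsrv` and the allow-list are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `lsof -nP -iTCP -sTCP:LISTEN -F pcn` output
# (p = PID, c = command name, f = file descriptor, n = socket address).
sample_lsof_output() {
    cat <<'EOF'
p812
csshd
f3
n*:22
f4
n[::]:22
p1490
chttpd
f4
n*:80
p2077
cchatsrv
f5
n*:6666
EOF
}

# unexpected_listeners "22 80 443"
# Reads lsof field output on stdin and prints "port pid command address"
# for every listening socket whose port is not in the allow-list.
unexpected_listeners() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^p/ { pid = substr($0, 2); next }   # start of a new process set
        /^c/ { cmd = substr($0, 2); next }   # command name for that PID
        /^n/ {
            addr = substr($0, 2)
            k = split(addr, parts, ":")      # port is the last ":" field,
            port = parts[k]                  # also for [::]:22 style names
            if (!(port in ok) && !seen[pid, port]++)
                print port, pid, cmd, addr
        }
    '
}

# Run against the constructed sample; prints the one unexpected listener.
sample_lsof_output | unexpected_listeners "22 80 443"

# Live use (root is needed to see other users' sockets):
#   lsof -nP -iTCP -sTCP:LISTEN -F pcn | unexpected_listeners "22 80 443"
#   readlink /proc/<pid>/exe    # Linux: on-disk path of the reported PID
```

Resolving the reported PID to its binary path is what shows where the service was installed from, which is how a listener that is absent from the inetd and xinetd configuration can still be traced to a package.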