cPanel symlink exploit
There is a serious security hole in the way that Apache handles symlinks on servers.
It allows an exploited account on a server to view .php files owned by other accounts, so a single exploited account can potentially be used to exploit many accounts on the server.
The exploit, in general terms, is to create a symbolic link (e.g. public_html/fred.txt) pointing to a wp-config.php file (e.g. /home/otheracct/public_html/wp-config.php), which contains the database username and password. Occasionally, if the user has been unwise enough to reuse them for the database, these are also the cPanel username/password. The file is then readable via a web browser: because the link is named .txt, Apache serves the contents as plain text instead of running it as PHP.
This command finds any symlinks under each user's public_html directory and appends the list to /root/symlinks.txt:
find /home*/*/public_html -type l >> /root/symlinks.txt
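A narrower audit than the find command above, as an added example (not part of the original note or of Rack911's patch): it reports only symlinks whose resolved target lies outside the owning account's home directory. The function name is hypothetical, and it assumes the /home*/USER/public_html layout and a readlink that supports -f.

```shell
#!/bin/sh
# Added example: report symlinks that leave the owning account's home directory.
# Assumes the cPanel layout <base>/<user>/public_html and a readlink with -f.

find_cross_account_symlinks() {
    # Arguments: one or more base directories, e.g. /home /home2
    for base in "$@"; do
        for docroot in "$base"/*/public_html; do
            [ -d "$docroot" ] || continue
            # Physical path of the account home, so it compares cleanly with
            # the fully resolved link targets below.
            home=$(cd "${docroot%/public_html}" && pwd -P) || continue
            # -exec ... {} + hands file names over as arguments, so names
            # containing spaces or newlines are still processed correctly.
            find "$docroot" -type l -exec sh -c '
                home=$1; shift
                for link do
                    # Resolve the whole chain; fall back to the raw target
                    # when the link is dangling and cannot be resolved.
                    target=$(readlink -f -- "$link" 2>/dev/null) ||
                        target=$(readlink -- "$link")
                    case $target in
                        "$home"|"$home"/*) ;;  # stays inside the account
                        *) printf "%s -> %s\n" "$link" "$target" ;;
                    esac
                done' sh "$home" {} +
        done
    done
}

# Typical use as root on the server (review the output by hand):
#   find_cross_account_symlinks /home*
```

Links that stay inside the account's own home, such as a relative link to a sibling file, are not reported, which keeps the list short enough to review manually.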
Rack911 has published an EasyApache patch which adds the file /scripts/before_apache_make to force SymLinksIfOwnerMatch to be always on.
wget http://layer1.rack911.com/before_apache_make -O /scripts/before_apache_make
chmod 700 /scripts/before_apache_make
Rebuild Apache afterwards.
Enable Symlink Race Condition Protection from the Exhaustive Options list during the EasyApache build process.