Hello
How to protect my server so that hackers can not see the list of users of my server?
Thank you
Konrath
Excluding cPanel/WHM and SSH, where are you currently seeing an accessible list of users for your server?
Donald cPanelDon Holl - Analyst, cPanel Quality Assurance
Hello cPanelDon
Hackers can get a list of users in /var/cpanel/users/ using the CAT command in a PHP script.
After that, they can change all INDEX pages of all sites using a simple PERL script.
The other method used by hackers is running the FIND command to find all index pages in home partition.
I have isolated the FIND (I put the find command in another folder) that can not be executed by hackers.
-----------------
I want to protect the server so that hackers can not change all index of all sites.
How to protect the list of users on the server?
-----------------
If the hacker can not run the command FIND (because I've isolated this file) and if the hacker can not obtain a list of users of the server, then the hacker can never change all index pages of all sites.
Do you understand? Sorry for my bad English.
Thank you
Konrath
Last edited by konrath; 10-30-2009 at 09:50 AM.
I also believe that using a PERL script, hackers can get a list of users of /var/cpanel/users/
At the moment there is absolutely no security
A malicious hacker can change all index files that are inside the home partition.
Thank you
Konrath
What are your permissions on the /var/cpanel/users directory?
Kenneth
Product Development
cPanel, Inc.
Hello
Default permissions of the cPanel installation.
drwx--x--x 2 0 0 69632 Nov 2 21:39 users/
Recently my server was hacked and all index pages were modified. I found the script used by the hacker. The script can read my list of users in /var/cpanel/users/
I have the PHP open_basedir activated.
Thank you
Konrath
Last edited by konrath; 11-02-2009 at 10:54 PM.
Via root SSH access, what is the output from the following command?
Code:
# /usr/local/cpanel/bin/rebuild_phpconf --current
Donald cPanelDon Holl - Analyst, cPanel Quality Assurance
-bash-3.00# /usr/local/cpanel/bin/rebuild_phpconf --current
Available handlers: dso cgi none
DEFAULT PHP: 5
PHP4 SAPI: none
PHP5 SAPI: dso
SUEXEC: enabled
I do not remember if Apache and PHP were recompiled after the last invasion. This type of invasion was made on 2 servers in my company. All index hacked in 2 servers.
I know that the execution of the FIND command to search for all INDEX in home partition is done through a script in PERL.
Thank you
Konrath
To have better security, I would consider enabling SuPHP (and using this for the PHP handler instead of DSO). To make SuPHP available you would need to run EasyApache again and select SuPHP in the build options, then you could use WHM to switch from DSO to SuPHP.
Without SuPHP, PHP scripts that are exploited will run malicious scripts as the Apache user/group "nobody" and this includes the potential for Perl scripts to be executed.
With SuPHP, PHP scripts run as the user that owns the Virtual Host serving the request, so that if the user's PHP scripts are exploited and a malicious script attempts to run, it can only run as the regular user and not as the shared Apache user/group nobody, decreasing the potential for widespread damage.
I recommend the following documentation for more verbose details comparing the different PHP handlers:
ApachePHPRequestHandling < EasyApache3 < TWiki
Donald cPanelDon Holl - Analyst, cPanel Quality Assurance
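Added example (not part of the thread and not cPanel's own code): a small root-shell audit for the two checks discussed above, reading the default PHP handler out of `rebuild_phpconf --current` output and listing entries in a directory such as /var/cpanel/users that "other" users (for example nobody) can read. The function names, the verdict labels and the `suphp` handler string are assumptions; the sample output is the one pasted in the thread.

```shell
#!/bin/sh
# Added example: audit helpers for the handler and permission checks in this thread.

# Output of `rebuild_phpconf --current` as pasted in the thread (used as sample input).
SAMPLE='Available handlers: dso cgi none
DEFAULT PHP: 5
PHP4 SAPI: none
PHP5 SAPI: dso
SUEXEC: enabled'

# Read rebuild_phpconf output on stdin; print the SAPI of the default PHP version.
default_php_sapi() {
    awk -F': *' '
        $1 == "DEFAULT PHP"      { ver = $2 }
        $1 ~ /^PHP[0-9]+ SAPI$/  { v = $1; sub(/^PHP/, "", v); sub(/ SAPI$/, "", v); sapi[v] = $2 }
        END { if (ver in sapi) print sapi[ver]; else exit 1 }
    '
}

# Classify a handler by which user exploited PHP code would run as,
# following the explanation in the reply above.
handler_verdict() {
    case "$1" in
        dso)   echo "shared-user" ;;   # runs as the Apache user/group nobody
        suphp) echo "per-account" ;;   # runs as the owner of the virtual host
        *)     echo "unclassified" ;;  # handlers the thread does not discuss
    esac
}

# Print entries directly under directory $1 (and the directory itself) that
# have the "other" read bit set, i.e. are readable or listable by any user.
other_readable() {
    find "$1" -maxdepth 1 -perm -004 -print
}

# Demo on the sample from the thread. On the server itself, run as root:
#   /usr/local/cpanel/bin/rebuild_phpconf --current | default_php_sapi
#   other_readable /var/cpanel/users
sapi=$(printf '%s\n' "$SAMPLE" | default_php_sapi)
echo "default PHP handler: $sapi ($(handler_verdict "$sapi"))"
```

A directory with mode drwx--x--x is not itself reported by `other_readable`, but any file inside it that has the other-read bit set is, and such a file can be read by anyone who knows or guesses its name.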