#16 (permalink)  
Old 07-11-2009, 08:48 PM
Registered User
 
Join Date: Jun 2005
Location: Area 51
Posts: 1,501
Quote:
Originally Posted by ramzex
Crap!

This is not the iframe method!
We had the exact same issues on our customers' webservers.
We have investigated this issue and found the following:
ramzex:

I saw your original post a couple days ago and briefly contacted you
but I have also been very busy this week helping a lot of users deal with
the current hacking attacks going around, helping people secure their
servers, and have not had much free time available. I would very much
like to take a look at your server and sit down and go over with you all
that you have done to try to clean it out and update the security as
there are likely a great many areas you missed (based on your comments
in each of your posts) that I may be able to help you address.

You are already off to a good start in the things you list in your post
above but I also see a great number of critical areas to address where
you did not mention doing anything to secure your server in those areas.
When you are available, try to contact me and if I have a few free moments,
I'll try to make room to talk to you and help you with your server.

-Spiral
  #17 (permalink)  
Old 07-13-2009, 06:04 PM
Registered User
 
Join Date: Jul 2009
Posts: 1
Hi Everybody.

This is my first post.
First of all please be careful everyone who uses FILEZILLA.

The reason? Very Simple
Look in your machine for a file called "sitemanager.xml".
You can open it with a notepad.
It holds all the information of your accounts.
In plain text.
User.
Password (not encrypted!!).

Once you have a trojan/virus (like Malicious.PDF.Gen, etc.), it is a piece of cake for it to get that information. It only has to read the XML and send that information to the attacker.


Now I am using another free FTP client, EFTP.
It encrypts everything. I will try it now.

Good luck (and sorry for my odd English)
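
Added example, not part of the post above and not FileZilla's own code: a defender-side audit that lists which saved sites in a `sitemanager.xml` carry a recoverable password, without ever returning the password itself. The element names (`Server`, `Host`, `User`, `Pass`) and the `encoding` attribute values are assumptions about FileZilla 3's file layout, and the sample data is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample; layout and attribute values are assumptions, not taken from the thread.
SAMPLE = """<FileZilla3>
  <Servers>
    <Server>
      <Host>ftp.example.com</Host>
      <User>webmaster</User><Pass>constructed-secret</Pass>
      <Name>customer site</Name>
    </Server>
    <Folder>clients
      <Server>
        <Host>ftp.example.org</Host>
        <User>deploy</User><Pass encoding="base64">Y29uc3RydWN0ZWQ=</Pass>
        <Name>staging</Name>
      </Server>
    </Folder>
    <Server>
      <Host>ftp.example.net</Host>
      <User>anonymous</User><Pass></Pass>
      <Name>no saved password</Name>
    </Server>
  </Servers>
</FileZilla3>"""

def audit_sitemanager(xml_text):
    """Return one finding per saved site; the password value is never returned."""
    findings = []
    for server in ET.fromstring(xml_text).iter("Server"):  # also finds sites inside folders
        pw = server.find("Pass")
        if pw is None or not (pw.text or "").strip():
            storage = "none"
        elif pw.get("encoding") == "crypt":      # assumed: master-password protected
            storage = "encrypted"
        elif pw.get("encoding") == "base64":     # encoding only, trivially reversible
            storage = "base64 (recoverable)"
        else:
            storage = "plaintext"
        findings.append({"host": server.findtext("Host", ""),
                         "user": server.findtext("User", ""),
                         "storage": storage})
    return findings

def exposed(findings):
    """Sites whose FTP password should be rotated and removed from the file."""
    return [f for f in findings if f["storage"] in ("plaintext", "base64 (recoverable)")]

if __name__ == "__main__":
    for f in audit_sitemanager(SAMPLE):
        print(f"{f['host']:<18} {f['user']:<10} {f['storage']}")
```

Any site reported by `exposed()` should be treated as compromised if the workstation has had malware on it: change that FTP password on the server first, then clear it from the client.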
  #18 (permalink)  
Old 07-13-2009, 11:46 PM
Registered User
 
Join Date: May 2005
Location: Brasil
Posts: 208
Quote:
Originally Posted by ramzex
Crap!

This is not the iframe method!
We had the exact same issues on our customers' webservers.
We have investigated this issue and found the following:

Hello

I do not agree with you.

------------------------------
3. Script has modified the passwords of the accounts located in /etc/passwd
------------------------------

The passwords of the customers are not modified.


What I see in this log (sent by sallen812) is exactly what happens to my clients infected with the iframe hack.



Thank you
Konrath

Last edited by konrath; 07-13-2009 at 11:49 PM.
All times are GMT -5. The time now is 05:34 AM.