phpnuke exploit protection

**mahdionline** · 01-19-2005, 10:43 AM

Hi

I have a DREADFUL problem with some of phpnuke that hosted on my server. Ev1 abuse team send me a mail about " PHP-Nuke Exploit " . they notice me that a spammer use of a phpnuke site to do his work. and send many spam in every month.

now I have 3 question :

1- how can i discover that which account on server use phpnuke ?
( I see in mysql database list that we have about 200 phpnuke on our server)

2- how can I find out that which of account is victim of that spammer ?

3- how can I filter all phpnuke ?( can I do this with mod_security) ?

Regard

**projectandrew** · 01-19-2005, 11:18 AM

Under WHM in Addon Modules, you can install the addonupdates module - this adds another option in WHM called 'Addon Script Manager'. This can be used to find PHPNuke installs, but I am not sure if it only finds versions of PHPNUke that have been installed via cPanel.

**PPNSteve** · 01-19-2005, 11:51 AM

we are currently NOT reccomending to use PHPNuke to our clients.. also if you can, have them shut off the email function in nuke.

i'm sure there are other solutions as well..

**mahdionline** · 01-20-2005, 10:11 AM

Originally Posted by PPNSteve

we are currently NOT reccomending to use PHPNuke to our clients.. also if you can, have them shut off the email function in nuke.

i'm sure there are other solutions as well..

thanks but how can I filter or shut off outgoing mail of phpnuke sites ?
a note : we have near to 200 phpnuke on our server. and I donot know , which account is the victim of spammer .! !

please help me !

**gorilla** · 01-20-2005, 10:28 AM

have u installed PHP suEXEC ? find it in WHM/software/update apache
u can trace the spammer with that :

Have u enabled SMTP Tweak ? in Tweak Security
This SMTP tweak will prevent users from bypassing the mail server to send mail (This is a common practice used by spammers). It will only allow the MTA (mail transport agent), mailman, and root to connect to remote SMTP servers.

And i guess you could Prevent the user 'nobody' from sending out mail to remote addresses (php and cgi scripts generally run as nobody if you are not using phpsuexec and suexec respectively.) u find that in WHM/Tweak Settings

and i guess u could tell all ur customers to protect their nuke install with Sentinel

**mahdionline** · 01-20-2005, 10:46 AM

Thanks ! I do that and now I should wait for the future and . . .

Forums

Thread: phpnuke exploit protection

LinkBack

Thread Tools

phpnuke exploit protection

Similar Threads

mod_userdir Protection - Exclude Protection Not Working

PHPNuke

PHPNuke

phpNuke

cPanel & WHM

Enkompass

Help

Community

Company

Connect with Us