Vulnerabilities in the folders

[sreevishnu]

Hello,

We have experienced several DOS attacks due to the scripts that are uploaded to certain Cpanel folders like /var/mail, /var/cpanel/Count, /usr/local/apache/proxy , etc .

Could anyone suggest any method to secure these folders, so that no scripts are uploaded to them?

Regards,
Sree

[poornam]

drwxr-xr-x 11 nobody nobody 4096 Jan 22 2003 psybnc/
-rw-r--r-- 1 nobody nobody 584249 Jun 21 20:30 psybnc.tar.gz
-rwxrwxrwx 1 nobody nobody 27353 Jun 27 00:41 pam*
-rwxr-xr-x 1 nobody nobody 31061 Jun 27 17:59 fox*
-rw-r--r-- 1 nobody nobody 22536 Jun 27 17:59 fox.c
-rwxr-xr-x 1 nobody nobody 13948 Jun 22 18:13 dos6*
-rw-r--r-- 1 nobody nobody 2816 Jun 22 18:12 dos6.c
-rw-r--r-- 1 nobody nobody 27353 Jun 24 21:48 cop.1
-rw-r--r-- 1 nobody nobody 27353 Jun 24 21:48 cop.2
-rwxrwxrwx 1 nobody nobody 54706 Jun 24 21:46 coper*
-rwxrwxrwx 1 nobody nobody 27355 Jun 26 02:44 sp*
-rwxrwxrwx 1 nobody nobody 572 Jun 27 20:30 st*
-rw-r--r-- 1 nobody nobody 13399 Jan 30 17:04 st.1
-rwxrwxrwx 1 nobody nobody 14655 Jun 26 01:03 vad*
-rw-r--r-- 1 nobody nobody 14655 Dec 25 2003 vad.1
-rwxrwxrwx 1 nobody nobody 14655 Jun 20 01:41 vadim*


These are some of the files I find in /var/mail and /var/spool/mail

Any help on what we can do about this..cpanel is getting ridiculously buggy :-/

[LP-Trel]

You may have been rooted.

I would get that server looked at by a security expert ASAP.

[ramprage]

Sree,

The folders you metioned are not accessible unless the user has broken out of their account or taken control of your server. Hire a server administrator ASAP to look at your machine.