another site infected with psyme

Silver_2000

Well-Known Member
Mar 31, 2002
337
1
318
Seems that some one was able to alter the body tag to add script code that added the psyme virus to a page on our Cpanel based server

Any ideas how to prevent this ? I noticed 2 other threads that were related but not exact
Just found another site on the server changed the same way
NEED help
Thanks
Doug
 
Last edited:

Silver_2000

Well-Known Member
Mar 31, 2002
337
1
318
To secure and harden your server. There are many things you can do to protect your server and stop these amateur hackers from playing games and abusing your server.
Really ? I can secure my server ? WOW

Thanks !!

That answers EVERYTHING !!!

Give me a break - 2 different accounts have been changed - different passwords
Its GOT To be a known exploit - Im looking for detailed help. Your response is about as helpful as RTFM
 

AndyReed

Well-Known Member
PartnerNOC
May 29, 2004
2,221
4
193
Minneapolis, MN
Any ideas how to prevent this ?
To secure and harden your server. There are many things you can do to protect your server and stop these amateur hackers from playing games and abusing your server.
 

kistler

Well-Known Member
Jan 27, 2005
136
1
166
So can you list what has been done to secure the server? I mean with your attitude it doesn’t sound like it would be very much. Just in all these post you sound like you know it all but need the answer to one thing that isn’t happing to people abroad.:rolleyes:
 

Silver_2000

Well-Known Member
Mar 31, 2002
337
1
318
So can you list what has been done to secure the server? I mean with your attitude it doesn’t sound like it would be very much. Just in all these post you sound like you know it all but need the answer to one thing that isn’t happing to people abroad.:rolleyes:
Another helpful answer ... To say that you should secure the site is less helpful than giving an example of how to do that or where to look for help in doing that. Its obvious the site needs to be secured in some way.

If I knew it all I wouldnt be asking.

scripts have been installed in the body tag of various sites on a cpanel server. In one case an Iframe with the script was added. the sites all had frontpage extensions running on them - none of the sites that are based on PHP were impacted. Seems MS did EOL on frontpage extensions this year - which may partially explain the issue http://support.jodohost.com/showthread.php?t=8531

The sites all have diff usernames
the files are all set to 644 so they wouldnt be writable by most scripts run on the server.
 
Last edited:

dgbaker

Well-Known Member
PartnerNOC
Sep 20, 2002
2,576
9
343
Toronto, Ontario Canada
cPanel Access Level
DataCenter Provider
Another helpful answer ... To say that you should secure the site is less helpful than giving an example of how to do that or where to look for help in doing that. Its obvious the site needs to be secured in some way.
If I were you I would keep your arrogance and sarcastic comments in check. Belittling or insulting another user is grounds to have yourself banned.
 

AndyReed

Well-Known Member
PartnerNOC
May 29, 2004
2,221
4
193
Minneapolis, MN
So can you list what has been done to secure the server? I mean with your attitude it doesn’t sound like it would be very much. Just in all these post you sound like you know it all but need the answer to one thing that isn’t happing to people abroad.:rolleyes:
Searching these forums would be more helpful than bad mouthing other people. This thread should be a good start: http://forums.cpanel.net/showthread.php?t=30159