another site infected with psyme

[Silver_2000]

Seems that some one was able to alter the body tag to add script code that added the psyme virus to a page on our Cpanel based server

Any ideas how to prevent this ? I noticed 2 other threads that were related but not exact
Just found another site on the server changed the same way
NEED help
Thanks
Doug

 

[Silver_2000]

To secure and harden your server. There are many things you can do to protect your server and stop these amateur hackers from playing games and abusing your server.

Really ? I can secure my server ? WOW

Thanks !!

That answers EVERYTHING !!!

Give me a break - 2 different accounts have been changed - different passwords
Its GOT To be a known exploit - Im looking for detailed help. Your response is about as helpful as RTFM

 

[AndyReed]

Any ideas how to prevent this ?

To secure and harden your server. There are many things you can do to protect your server and stop these amateur hackers from playing games and abusing your server.

 

[kistler]

So can you list what has been done to secure the server? I mean with your attitude it doesn’t sound like it would be very much. Just in all these post you sound like you know it all but need the answer to one thing that isn’t happing to people abroad.

 

[Silver_2000]

So can you list what has been done to secure the server? I mean with your attitude it doesn’t sound like it would be very much. Just in all these post you sound like you know it all but need the answer to one thing that isn’t happing to people abroad.

Another helpful answer ... To say that you should secure the site is less helpful than giving an example of how to do that or where to look for help in doing that. Its obvious the site needs to be secured in some way.

If I knew it all I wouldnt be asking.

scripts have been installed in the body tag of various sites on a cpanel server. In one case an Iframe with the script was added. the sites all had frontpage extensions running on them - none of the sites that are based on PHP were impacted. Seems MS did EOL on frontpage extensions this year - which may partially explain the issue http://support.jodohost.com/showthread.php?t=8531

The sites all have diff usernames
the files are all set to 644 so they wouldnt be writable by most scripts run on the server.

 

[dgbaker]

Another helpful answer ... To say that you should secure the site is less helpful than giving an example of how to do that or where to look for help in doing that. Its obvious the site needs to be secured in some way.

If I were you I would keep your arrogance and sarcastic comments in check. Belittling or insulting another user is grounds to have yourself banned.

 

[Silver_2000]

I read the responses as arrogant and belittling to me and responded. My apologies.

 

[AndyReed]

So can you list what has been done to secure the server? I mean with your attitude it doesn’t sound like it would be very much. Just in all these post you sound like you know it all but need the answer to one thing that isn’t happing to people abroad.

Searching these forums would be more helpful than bad mouthing other people. This thread should be a good start: http://forums.cpanel.net/showthread.php?t=30159

 

[brianoz]

Although there is a lot you can do there are two basic things that may help, described elsewhere in far more detail -

1. phpsuexec and suexec
2. mod_security