The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

another site infected with psyme

Discussion in 'General Discussion' started by Silver_2000, Nov 3, 2006.

  1. Silver_2000

    Silver_2000 Well-Known Member

    Joined:
    Mar 31, 2002
    Messages:
    338
    Likes Received:
    1
    Trophy Points:
    18
    Seems that some one was able to alter the body tag to add script code that added the psyme virus to a page on our Cpanel based server

    Any ideas how to prevent this ? I noticed 2 other threads that were related but not exact
    Just found another site on the server changed the same way
    NEED help
    Thanks
    Doug
     
    #1 Silver_2000, Nov 3, 2006
    Last edited: Nov 3, 2006
  2. Silver_2000

    Silver_2000 Well-Known Member

    Joined:
    Mar 31, 2002
    Messages:
    338
    Likes Received:
    1
    Trophy Points:
    18
    Really ? I can secure my server ? WOW

    Thanks !!

    That answers EVERYTHING !!!

    Give me a break - 2 different accounts have been changed - different passwords
    Its GOT To be a known exploit - Im looking for detailed help. Your response is about as helpful as RTFM
     
  3. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    Joined:
    May 29, 2004
    Messages:
    2,222
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Minneapolis, MN
    To secure and harden your server. There are many things you can do to protect your server and stop these amateur hackers from playing games and abusing your server.
     
  4. kistler

    kistler Well-Known Member

    Joined:
    Jan 27, 2005
    Messages:
    136
    Likes Received:
    0
    Trophy Points:
    16
    So can you list what has been done to secure the server? I mean with your attitude it doesn’t sound like it would be very much. Just in all these post you sound like you know it all but need the answer to one thing that isn’t happing to people abroad.:rolleyes:
     
  5. Silver_2000

    Silver_2000 Well-Known Member

    Joined:
    Mar 31, 2002
    Messages:
    338
    Likes Received:
    1
    Trophy Points:
    18
    Another helpful answer ... To say that you should secure the site is less helpful than giving an example of how to do that or where to look for help in doing that. Its obvious the site needs to be secured in some way.

    If I knew it all I wouldnt be asking.

    scripts have been installed in the body tag of various sites on a cpanel server. In one case an Iframe with the script was added. the sites all had frontpage extensions running on them - none of the sites that are based on PHP were impacted. Seems MS did EOL on frontpage extensions this year - which may partially explain the issue http://support.jodohost.com/showthread.php?t=8531

    The sites all have diff usernames
    the files are all set to 644 so they wouldnt be writable by most scripts run on the server.
     
    #5 Silver_2000, Nov 4, 2006
    Last edited: Nov 4, 2006
  6. dgbaker

    dgbaker Well-Known Member
    PartnerNOC

    Joined:
    Sep 20, 2002
    Messages:
    2,578
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Toronto, Ontario Canada
    cPanel Access Level:
    DataCenter Provider
    If I were you I would keep your arrogance and sarcastic comments in check. Belittling or insulting another user is grounds to have yourself banned.
     
  7. Silver_2000

    Silver_2000 Well-Known Member

    Joined:
    Mar 31, 2002
    Messages:
    338
    Likes Received:
    1
    Trophy Points:
    18
    I read the responses as arrogant and belittling to me and responded. My apologies.
     
  8. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    Joined:
    May 29, 2004
    Messages:
    2,222
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Minneapolis, MN
    Searching these forums would be more helpful than bad mouthing other people. This thread should be a good start: http://forums.cpanel.net/showthread.php?t=30159
     
  9. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    Although there is a lot you can do there are two basic things that may help, described elsewhere in far more detail -
    1. phpsuexec and suexec
    2. mod_security
     
Loading...

Share This Page