The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Anyone know a good hacking forum?

Discussion in 'General Discussion' started by AbeFroman, May 8, 2003.

  1. AbeFroman

    AbeFroman BANNED

    Joined:
    Feb 16, 2002
    Messages:
    654
    Likes Received:
    1
    Trophy Points:
    0
    Anyone know a good hacking forum? My cpanel server just got hacked, I had to reinstall everything. I need to learn how to hack so i can prevent this from happening again.
     
  2. WeMasterz5

    WeMasterz5 Well-Known Member

    Joined:
    Feb 24, 2003
    Messages:
    361
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Miami
    may I ask how you know or found out it got hacked?
     
  3. AbeFroman

    AbeFroman BANNED

    Joined:
    Feb 16, 2002
    Messages:
    654
    Likes Received:
    1
    Trophy Points:
    0
    well, ill looks like that uploaded something to the tmp directory and when /etc/rc.d/init.d/httpd restart was run it would excute some code place in the tmp directory, if that makes any scence. I also found a port scanner.
     
  4. WeMasterz5

    WeMasterz5 Well-Known Member

    Joined:
    Feb 24, 2003
    Messages:
    361
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Miami
    Thanks


    how you do that?
     
  5. AbeFroman

    AbeFroman BANNED

    Joined:
    Feb 16, 2002
    Messages:
    654
    Likes Received:
    1
    Trophy Points:
    0
    Find the port scanner?

    I was tipped off by other system administrartors saying there newtworks were being scanned from the ip of my server.

    I checked /var/tmp and /tmp, this let me to a username and in his files was the port scanner. (he claims someone hacked his account and uploaded it)
     
  6. WeMasterz5

    WeMasterz5 Well-Known Member

    Joined:
    Feb 24, 2003
    Messages:
    361
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Miami
    ok...dont really know what were looking at here

    root@bliss [/tmp]# ls -l
    total 491
    drwxrwxrwt 2 root root 11264 May 8 18:04 ./
    drwxr-xr-x 22 root root 1024 May 7 23:58 ../
    -rw-r--r-- 1 nobody nobody 2057 Apr 5 23:20 categories_box-english.cache
    -rw-r--r-- 1 nobody nobody 2074 May 5 01:55 categories_box-english.cache23
    -rw-r--r-- 1 nobody nobody 2074 May 5 01:55 categories_box-english.cache25
    -rw------- 1 cpanel cpanel 14154 May 8 13:24 horde.log
    -rw-r--r-- 1 nobody nobody 1357 Apr 4 17:54 manufacturers_box-english.cache
    lrwxrwxrwx 1 root root 25 Feb 24 20:57 mysql.sock -> /var/lib/mysql/mysql.sock=
    -rw------- 1 nobody nobody 92142 May 7 20:26 phpXtzLK0
    -rw------- 1 nobody nobody 387 Apr 30 14:32 sess_01acb74cfccb45fc0460317e9a646bf4
     
  7. AbeFroman

    AbeFroman BANNED

    Joined:
    Feb 16, 2002
    Messages:
    654
    Likes Received:
    1
    Trophy Points:
    0
    That looks ok.

    It would see what this one is...
    -rw------- 1 nobody nobody 92142 May 7 20:26 phpXtzLK0

    When you see nobody nobody it was uploaded from a web browser
     
  8. trakwebster

    trakwebster Well-Known Member

    Joined:
    Jan 29, 2003
    Messages:
    145
    Likes Received:
    0
    Trophy Points:
    16
    Hi, Abe,

    I don't know any way to upload something from a web browser, unless php or something gets involved.

    Is there any way to upload using just a browser, or did you mean that they used a php script, or a web form of some kind?

    Just curious, because currently experimenting with a php-file-management script. And I noticed that anything created or uploaded has the user nobody. I had assumed that php was running as the user nobody, but maybe I'm not thinking correctly. And maybe a number of processes or clients regularly run as user nobody.

    I'd be grateful for any further info on this.
     
  9. AbeFroman

    AbeFroman BANNED

    Joined:
    Feb 16, 2002
    Messages:
    654
    Likes Received:
    1
    Trophy Points:
    0
    Yes, it was likely uploaded with php.
     
  10. howard

    howard Well-Known Member

    Joined:
    Apr 20, 2003
    Messages:
    233
    Likes Received:
    0
    Trophy Points:
    16
    not a forum as such however real world linux security and hacking linux exposed are two great books to have
     
Loading...

Share This Page