Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Anyone know a good hacking forum?

Discussion in 'General Discussion' started by AbeFroman, May 8, 2003.

  1. AbeFroman

    AbeFroman BANNED

    Joined:
    Feb 16, 2002
    Messages:
    654
    Likes Received:
    1
    Trophy Points:
    318
    Anyone know a good hacking forum? My cpanel server just got hacked, I had to reinstall everything. I need to learn how to hack so i can prevent this from happening again.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. WeMasterz5

    WeMasterz5 Well-Known Member

    Joined:
    Feb 24, 2003
    Messages:
    361
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    Miami
    may I ask how you know or found out it got hacked?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. AbeFroman

    AbeFroman BANNED

    Joined:
    Feb 16, 2002
    Messages:
    654
    Likes Received:
    1
    Trophy Points:
    318
    well, ill looks like that uploaded something to the tmp directory and when /etc/rc.d/init.d/httpd restart was run it would excute some code place in the tmp directory, if that makes any scence. I also found a port scanner.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. WeMasterz5

    WeMasterz5 Well-Known Member

    Joined:
    Feb 24, 2003
    Messages:
    361
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    Miami
    Thanks


    how you do that?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. AbeFroman

    AbeFroman BANNED

    Joined:
    Feb 16, 2002
    Messages:
    654
    Likes Received:
    1
    Trophy Points:
    318
    Find the port scanner?

    I was tipped off by other system administrartors saying there newtworks were being scanned from the ip of my server.

    I checked /var/tmp and /tmp, this let me to a username and in his files was the port scanner. (he claims someone hacked his account and uploaded it)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. WeMasterz5

    WeMasterz5 Well-Known Member

    Joined:
    Feb 24, 2003
    Messages:
    361
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    Miami
    ok...dont really know what were looking at here

    root@bliss [/tmp]# ls -l
    total 491
    drwxrwxrwt 2 root root 11264 May 8 18:04 ./
    drwxr-xr-x 22 root root 1024 May 7 23:58 ../
    -rw-r--r-- 1 nobody nobody 2057 Apr 5 23:20 categories_box-english.cache
    -rw-r--r-- 1 nobody nobody 2074 May 5 01:55 categories_box-english.cache23
    -rw-r--r-- 1 nobody nobody 2074 May 5 01:55 categories_box-english.cache25
    -rw------- 1 cpanel cpanel 14154 May 8 13:24 horde.log
    -rw-r--r-- 1 nobody nobody 1357 Apr 4 17:54 manufacturers_box-english.cache
    lrwxrwxrwx 1 root root 25 Feb 24 20:57 mysql.sock -> /var/lib/mysql/mysql.sock=
    -rw------- 1 nobody nobody 92142 May 7 20:26 phpXtzLK0
    -rw------- 1 nobody nobody 387 Apr 30 14:32 sess_01acb74cfccb45fc0460317e9a646bf4
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. AbeFroman

    AbeFroman BANNED

    Joined:
    Feb 16, 2002
    Messages:
    654
    Likes Received:
    1
    Trophy Points:
    318
    That looks ok.

    It would see what this one is...
    -rw------- 1 nobody nobody 92142 May 7 20:26 phpXtzLK0

    When you see nobody nobody it was uploaded from a web browser
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. trakwebster

    trakwebster Well-Known Member

    Joined:
    Jan 29, 2003
    Messages:
    145
    Likes Received:
    0
    Trophy Points:
    166
    Hi, Abe,

    I don't know any way to upload something from a web browser, unless php or something gets involved.

    Is there any way to upload using just a browser, or did you mean that they used a php script, or a web form of some kind?

    Just curious, because currently experimenting with a php-file-management script. And I noticed that anything created or uploaded has the user nobody. I had assumed that php was running as the user nobody, but maybe I'm not thinking correctly. And maybe a number of processes or clients regularly run as user nobody.

    I'd be grateful for any further info on this.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. AbeFroman

    AbeFroman BANNED

    Joined:
    Feb 16, 2002
    Messages:
    654
    Likes Received:
    1
    Trophy Points:
    318
    Yes, it was likely uploaded with php.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  10. howard

    howard Well-Known Member

    Joined:
    Apr 20, 2003
    Messages:
    233
    Likes Received:
    0
    Trophy Points:
    166
    not a forum as such however real world linux security and hacking linux exposed are two great books to have
     
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice