Are these part of cpanel/whm?

Discussion in 'General Discussion' started by hariskhan, May 23, 2006.

  1. hariskhan

    Hello,

    1) Are the following files part of cpanel? If so, please specify the package they belong to.

    I am fixing someone's hacked dedicated web-host server, which has RHEL 2.4.21-40.EL and cpanel. chkrootkit doesn't help. Gives 'all ok' status. I'm searching for 'what got exploited on the server'.

    WHM 10.8.0 cPanel 10.8.2-R83
    RedHat Enterprise 3 i686 - WHM X v3.1.0

    ; ===========================================================

    root@ameer [~]# find / -name "*.pxp"
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.3.8.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.1.1.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.2.2.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.3.6.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.3.10.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.2.1.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.3.4.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.2.0.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.3.3.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.1.0.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.3.7.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.3.5.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.3.1.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.1.2.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.2.3.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.3.2.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.3.9.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.3.0.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.3.11.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.3.2.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.1.1.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.3.1.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.3.11.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.1.0.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.2.0.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.3.0.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.2.2.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.3.9.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.2.1.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.2.ts.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.3.8.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.0.6.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.3.3.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.3.10.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.3.ts.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.3.6.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.1.2.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.3.4.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.3.5.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.2.3.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.3.7.pxp

    ; ======================================================

    2) I have a folder, installd, under:

    - /root
    - /home

    Are both copies valid or is one out of date/stale/bad?

    ; ======================================================

    3) The datacenter staff points out that it 'might' be a vulnerability in php. Has any such event occurred on any other server? I have php 4.3.11 here.

    Running /scripts/upcp hasn't helped upgrading php. I get 'php version is up to date'.

    Need to know of similar scenarios to tackle this problem.

    Need help!
     
  2. webignition

    Regarding the .pxp files, I remember having them around since day zero. I have no idea what they are, but I believe they're safe.

    By this do you mean you have the directories:

    /root/installd
    /home/installd

    If so, I've never heard of them being required by cPanel. What are their permissions and ownership, and what's in them?

    PHP can be updated via /scripts/easyapache or via WHM >> Software >> Apache Update. Be sure you know what you're doing before recompiling php with either!
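
The checks the reply asks for (permissions, ownership and contents of the two installd directories), plus a package-ownership lookup for question 1, as an added read-only triage example that is not part of either post. The function names are hypothetical, and GNU find and rpm are assumed.

```shell
#!/bin/sh
# Added example: read-only triage of unexplained directories on an RPM-based host.
# Usage: sh triage.sh /root/installd /home/installd
# Function names are hypothetical; GNU find (-printf, -perm /mode) is assumed.

# Timeline of every entry: mtime, ctime, mode, owner:group, size, path.
# mtime can be reset by the file's owner, so ctime is printed beside it.
list_entries() {
    find "$1" -xdev -printf '%TY-%Tm-%Td %TH:%TM\t%CY-%Cm-%Cd %CH:%CM\t%m\t%u:%g\t%s\t%p\n' | sort
}

# Entries worth a closer look, one "reason<TAB>path" line each.
flag_entries() {
    find "$1" -xdev -type f -perm /6000 -printf 'setid\t%p\n'
    find "$1" -xdev ! -type l -perm -0002 -printf 'world-writable\t%p\n'
    find "$1" -xdev -type f -perm /0111 -printf 'executable\t%p\n'
    find "$1" -xdev -mindepth 1 -name '.*' -printf 'hidden\t%p\n'
}

# Which RPM package, if any, owns a path. "Not owned by any package" only
# means the file was not installed through RPM; software installed by its own
# installer looks the same, so treat it as a lead, not a verdict.
owning_package() {
    if command -v rpm >/dev/null 2>&1; then
        rpm -qf "$1" 2>&1
    else
        echo "rpm not available on this host"
    fi
}

for d in "$@"; do
    if [ ! -d "$d" ]; then
        echo "skip: $d is not a directory" >&2
        continue
    fi
    echo "== $d"
    owning_package "$d"
    list_entries "$d"
    flag_entries "$d"
done
```

Run it from a shell you trust and save the output off the host before changing anything, since the listing is only as reliable as the binaries that produced it.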
     