Are these part of cpanel/whm?

Discussion in 'General Discussion' started by hariskhan, May 23, 2006.

  1. hariskhan

    Hello,

    1) Are the following files part of cpanel? If so, please specify the package they belong to.

    I am fixing someone's hacked dedicated web-host server, which has RHEL 2.4.21-40.EL and cpanel. chkrootkit doesn't help. Gives 'all ok' status. I'm searching for 'what got exploited on the server'.

    WHM 10.8.0 cPanel 10.8.2-R83
    RedHat Enterprise 3 i686 - WHM X v3.1.0

    ; ===========================================================

    root@ameer [~]# find / -name "*.pxp"
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.3.8.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.1.1.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.2.2.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.3.6.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.3.10.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.2.1.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.3.4.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.2.0.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.3.3.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.1.0.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.3.7.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.3.5.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.3.1.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.1.2.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.2.3.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.3.2.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.3.9.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.3.0.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.3.11.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.3.2.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.1.1.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.3.1.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.3.11.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.1.0.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.2.0.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.3.0.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.2.2.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.3.9.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.2.1.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.2.ts.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.3.8.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.0.6.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.3.3.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.3.10.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.3.ts.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.3.6.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.1.2.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.3.4.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.3.5.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.2.3.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.3.7.pxp

    ; ======================================================

    2) I have a folder, installd, under:

    - /root
    - /home

    Are both copies valid or is one out of date/stale/bad?

    ; ======================================================

    3) The datacenter staff points out that it 'might' be a vulnerability in php. Has any such event occurred on any other server? I have php 4.3.11 here.

    Running /scripts/upcp hasn't helped upgrading php. I get 'php version is up to date'.

    Need to know of similar scenarios to tackle this problem.

    Need help!
     
  2. webignition

    Regarding the .pxp files, I remember having them around since day zero. I have no idea what they are, but I believe they're safe.

    By this do you mean you have the directories:

    /root/installd
    /home/installd

    If so, I've never heard of them being required by cPanel. What are their permissions and ownership and what's in them?

    PHP can be updated via /scripts/easyapache or via WHM >> Software >> Apache Update. Be sure you know what you're doing before recompiling php with either!
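
The questions raised in the thread (who owns the two installd directories, what their permissions are, and whether the two copies match) can be answered with a short triage script. This is an added example, not part of either post or of cPanel; the function names are hypothetical and it assumes GNU find, awk and sha256sum.

```shell
#!/bin/bash
# Added example: triage two copies of a directory, such as /root/installd
# and /home/installd. Function names are hypothetical. Assumes GNU find and
# sha256sum; on older systems without sha256sum, substitute md5sum or sha1sum.

# Print "owner:group mode mtime path" for every entry, so unexpected owners,
# setuid or world-writable modes and recent timestamps stand out.
list_meta() {
    find "$1" -xdev -printf '%u:%g %m %TY-%Tm-%Td %P\n' | LC_ALL=C sort -k4
}

# Print "<hash>  <relative path>" for every regular file under a directory.
hash_tree() {
    ( cd "$1" && find . -xdev -type f -print0 | sort -z | xargs -0 -r sha256sum )
}

# Classify each file as SAME, DIFF, ONLY_A or ONLY_B across the two trees.
compare_trees() {
    local a b
    a=$(mktemp) && b=$(mktemp) || return 1
    hash_tree "$1" > "$a"
    hash_tree "$2" > "$b"
    awk '
        # Strip the hash and its two-space separator; the rest is the path.
        { h = $1; sub(/^[^ ]+  /, "") }
        FILENAME == ARGV[1] { A[$0] = h; next }
        { B[$0] = h }
        END {
            for (p in A) {
                if (!(p in B))         print "ONLY_A", p
                else if (A[p] == B[p]) print "SAME", p
                else                   print "DIFF", p
            }
            for (p in B) if (!(p in A)) print "ONLY_B", p
        }' "$a" "$b" | LC_ALL=C sort
    rm -f "$a" "$b"
}

# Usage (run as root on the affected host):
#   list_meta /root/installd
#   compare_trees /root/installd /home/installd
```

Files reported as DIFF or present in only one copy are the ones to inspect first, together with any entry whose owner or mode differs from its neighbours.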
     