The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Are these part of cpanel/whm?

Discussion in 'General Discussion' started by hariskhan, May 23, 2006.

  1. hariskhan

    hariskhan Well-Known Member

    Joined:
    Apr 15, 2004
    Messages:
    146
    Likes Received:
    0
    Trophy Points:
    166
    Hello,

    1) Are the following files, part of cpanel? If so, please specify the package they belong to

    I am fixing someone's hacked dedicated web-host server, which has RHEL 2.4.21-40.EL and cpanel. chkrootkit doesn't help. Gives 'all ok' status. I'm searching for 'what got exploited on the server'.

    WHM 10.8.0 cPanel 10.8.2-R83
    RedHat Enterprise 3 i686 - WHM X v3.1.0

    ; ===========================================================

    root@ameer [~]# find / -name "*.pxp"
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.3.8.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.1.1.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.2.2.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.3.6.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.3.10.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.2.1.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.3.4.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.2.0.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.3.3.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.1.0.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.3.7.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.3.5.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.3.1.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.1.2.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.2.3.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.3.2.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.3.9.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.3.0.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.3.11.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.3.2.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.1.1.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.3.1.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.3.11.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.1.0.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.2.0.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.3.0.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.2.2.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.3.9.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.2.1.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.2.ts.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.3.8.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.0.6.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.3.3.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.3.10.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.3.ts.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.3.6.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.1.2.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.3.4.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.3.5.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.2.3.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.3.7.pxp

    ; ======================================================

    2) I have folder: installd under;

    - /root
    - /home

    Are both copies valid or is one out of date/stale/bad?

    ; ======================================================

    3) The datacenter staff points out that it 'might' be a vulnerability in php. Has any such event occured on any other server? I have php 4.3.11 here.

    Running /scripts/upcp hasn't helped upgrading php. I get 'php version is up to date'.

    Need to know of similar scenarios' to tackle this problem.

    Need help!
     
    #1 hariskhan, May 23, 2006
  2. webignition

    webignition Well-Known Member

    Joined:
    Jan 22, 2005
    Messages:
    1,880
    Likes Received:
    0
    Trophy Points:
    166
    Regarding the .pxp files, I remember having them around since day zero. I have no idea what they are, but I believe they're safe.

    By this do you mean you have the directories:

    /root/installd
    /home/installd

    If so, I've never heard of them being required by cPanel. What's their permissions and ownership and what's in them?

    PHP can be updated via /scripts/easyapache or via WHM >> Software >> Apache Update. Be sure you know what you're doing before recompiling php with either!
     
    #2 webignition, May 23, 2006
(You must log in or sign up to post here.)
Loading...
Similar Threads - part cpanel
  1. WebHostPro

    Can you symlink a folder in cpanel to another partition?

    WebHostPro, Nov 16, 2016, in forum: General Discussion
    Replies:
    3
    Views:
    293
    cPanelMichael
    Nov 17, 2016
  2. deanhills

    How can I solve these processes - /usr/local/cpanel/3rdparty/perl/522/bin/perl ?

    deanhills, Aug 30, 2016, in forum: General Discussion
    Replies:
    6
    Views:
    1,773
    cPanelMichael
    Sep 6, 2016
  3. WorkinOnIt

    cPanel license from third party question

    WorkinOnIt, Aug 27, 2016, in forum: General Discussion
    Replies:
    2
    Views:
    416
    cPanelMichael
    Aug 29, 2016
  4. xchiazyx

    cagefs_enter: /usr/local/cpanel/3rdparty/mailman/mail/mailman: Permission denied

    xchiazyx, Jun 16, 2016, in forum: CloudLinux
    Replies:
    4
    Views:
    1,028
    cPanelMichael
    Sep 6, 2016
  5. RootJohn

    Extending cPanel partition

    RootJohn, May 16, 2016, in forum: General Discussion
    Replies:
    2
    Views:
    534
    cPanelMichael
    May 30, 2016

Share This Page