Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Are these part of cpanel/whm?

Discussion in 'General Discussion' started by hariskhan, May 23, 2006.

  1. hariskhan

    hariskhan Well-Known Member

    Joined:
    Apr 15, 2004
    Messages:
    146
    Likes Received:
    0
    Trophy Points:
    166
    Hello,

    1) Are the following files, part of cpanel? If so, please specify the package they belong to

    I am fixing someone's hacked dedicated web-host server, which has RHEL 2.4.21-40.EL and cpanel. chkrootkit doesn't help. Gives 'all ok' status. I'm searching for 'what got exploited on the server'.

    WHM 10.8.0 cPanel 10.8.2-R83
    RedHat Enterprise 3 i686 - WHM X v3.1.0

    ; ===========================================================

    root@ameer [~]# find / -name "*.pxp"
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.3.8.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.1.1.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.2.2.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.3.6.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.3.10.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.2.1.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.3.4.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.2.0.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.3.3.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.1.0.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.3.7.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.3.5.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.3.1.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.1.2.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.2.3.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.3.2.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.3.9.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.3.0.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.fre/ixed.fre.4.3.11.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.3.2.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.1.1.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.3.1.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.3.11.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.1.0.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.2.0.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.3.0.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.2.2.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.3.9.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.2.1.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.2.ts.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.3.8.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.0.6.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.3.3.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.3.10.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.3.ts.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.3.6.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.1.2.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.3.4.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.3.5.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.2.3.pxp
    /usr/local/cpanel/3rdparty/etc/ixed/ixed.lin/ixed.lin.4.3.7.pxp

    ; ======================================================

    2) I have folder: installd under;

    - /root
    - /home

    Are both copies valid or is one out of date/stale/bad?

    ; ======================================================

    3) The datacenter staff points out that it 'might' be a vulnerability in php. Has any such event occured on any other server? I have php 4.3.11 here.

    Running /scripts/upcp hasn't helped upgrading php. I get 'php version is up to date'.

    Need to know of similar scenarios' to tackle this problem.

    Need help!
     
    #1 hariskhan, May 23, 2006
  2. webignition

    webignition Well-Known Member

    Joined:
    Jan 22, 2005
    Messages:
    1,880
    Likes Received:
    0
    Trophy Points:
    166
    Regarding the .pxp files, I remember having them around since day zero. I have no idea what they are, but I believe they're safe.

    By this do you mean you have the directories:

    /root/installd
    /home/installd

    If so, I've never heard of them being required by cPanel. What's their permissions and ownership and what's in them?

    PHP can be updated via /scripts/easyapache or via WHM >> Software >> Apache Update. Be sure you know what you're doing before recompiling php with either!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 webignition, May 23, 2006
(You must log in or sign up to post here.)
Loading...
Similar Threads - part cpanel
  1. cacabrera

    cPanel best partition

    cacabrera, Aug 13, 2018, in forum: General Discussion
    Replies:
    6
    Views:
    185
    sysnishit
    Aug 21, 2018
  2. abhishekkuamr

    Auto login to 3rd party software from custom cPanel plugin?

    abhishekkuamr, Jun 8, 2018, in forum: cPanel Developers
    Replies:
    5
    Views:
    312
    cPanelMichael
    Jun 12, 2018
  3. mtindor

    Replacing 3rd-party service SSL cert with a cPanel-signed cert

    mtindor, Nov 7, 2017, in forum: Security
    Replies:
    2
    Views:
    361
    mtindor
    Nov 7, 2017
  4. mahdy_sharifi

    cPanel not recognizing new partition

    mahdy_sharifi, Nov 3, 2017, in forum: General Discussion
    Replies:
    3
    Views:
    352
    cPanelMichael
    Nov 6, 2017
  5. Sametto Chan

    SOLVED /usr/local/cpanel/3rdparty/bin/freshclam --quiet --no-warnings

    Sametto Chan, Aug 30, 2017, in forum: Security
    Replies:
    23
    Views:
    1,527
    cPWilliamL
    Feb 8, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice