Found Script That Can Open other User home directory

hrace009

Well-Known Member
Dec 24, 2013
75
10
8
Root
cPanel Access Level
Root Administrator
Twitter
Hello,

Today i found someone upload a script that can open other user home directory.
the script like this:

- Removed -

I tried to run this script at pay shared hosting, seems it block it and only show black screen.
But when i try to run it at my server, the script is open, and show all entire home directory, and it can get Wordpress config file.
How i can prevent a script like this to be running on my server?
 
Last edited by a moderator:

hrace009

Well-Known Member
Dec 24, 2013
75
10
8
Root
cPanel Access Level
Root Administrator
Twitter
No need to post the script or screenshots, these sorts of scripts have been around forever.

You might consider this script by ConfigServer for assistance with preventing this sort of thing from being uploaded to your server:
ConfigServer eXploit Scanner (cxs)

There are others as well.
Okay, thanks for your information, is there other alternative than cxs that comes for free?
 

hrace009

Well-Known Member
Dec 24, 2013
75
10
8
Root
cPanel Access Level
Root Administrator
Twitter
Yes, but I don't have any additional links to share, I swear by this one. Worth every penny.
yes i know it worth, but this with my office, throw out money was easy by them, but to take it out, need time, around 1 month or a year. Well you know that was Office Administration. And meanwhile i can't wait for that long.
 

Infopro

Well-Known Member
May 20, 2003
17,076
521
613
Pennsylvania
cPanel Access Level
Root Administrator
Twitter
First, remove that script from your server, stop running it. Those scripts phone home. Second, change your passwords. No telling what you've already sent by running the script (read: opened it on your server). Third, find the 60 bucks to get the other script I suggested, whats your server worth to you??

And finally, if you need additional security assistance and are not sure what to do, you should hire a professional:
System Administration Services | cPanel Forums
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,243
463

hrace009

Well-Known Member
Dec 24, 2013
75
10
8
Root
cPanel Access Level
Root Administrator
Twitter
  • Like
Reactions: cPanelMichael

weetabix

Well-Known Member
Oct 26, 2006
64
6
158
Also, I would suggest you install and configure Cloudlinux for some extra security.