Found This in a free user's webfolder

Discussion in 'Security' started by BartMan__X, Jul 8, 2013.

  1. BartMan__X

    BartMan__X Member

    Joined:
    Aug 8, 2012
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Houston, Texas, United States
    cPanel Access Level:
    Website Owner
    I found this in the folder of a free user .. I forgot all about a cPanel free user signup script I had installed way back
    .. so anyway a user signed up yesterday and uploaded this script .. I can't tell if any harm has been done but it looks like the user could gain access to usernames and passwords at the least .. I decoded some of the base64 code and it says it installs a shell .. so what should I do now? I'm scanning the entire VPS with Linux Malware Detect now and removing the signup script.
    SCREENSHOT
    View attachment 16261

    SOURCE


    - removed script code -
     


    #1 BartMan__X, Jul 8, 2013
    Last edited by a moderator: Jul 8, 2013
  2. BartMan__X

    BartMan__X Member

    Well, you took the time to remove the code I posted and change the title of my post. ("Reason: no need to share code such as this" that's crap!)
    but didn't reply.
    I think if the code was inspected by someone who knows what they are looking at they could tell me where to look for modified files
    and such.
    The file's name was CPanelCrack.php and if you would like to see a copy of the code PM me.

    I can't see getting much help here if the details of my post are removed ..

    I'm about ready to dump CP altogether!
     
  3. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,446
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    I'm sorry you feel that way.

    cPanel cannot assist you with this sort of script, or a compromised server. You might want to hire someone from the AppCat located here:
    Sys Admin Services | cPanel App Catalog

    There is no need to share that file on this forum. A simple search for the name can find many variations of it, all of them, BAD NEWS.

    The script scans for every single website config file on your server. If you went by the date that file was added to your server, one could assume that every account, and website, needs its password changed. Or more appropriately, restored from a safe backup, before that file was added to the server.

    I'm no expert though, hence no need to reply. I am the one who edited your thread though, and will do it again too.

    Sorry, but that's what I do.

    Waiting on a forum reply to this sort of thing, is nuts. IMHO.

    Good luck with this.
     
  4. BartMan__X

    BartMan__X Member

    OK, you can close this thread! I fixed it by re-imaging the VPS and canceling my cPanel license.

    Best fix I could find. HAVE A NICE DAY!
     
  5. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    940
    Likes Received:
    55
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    BartMan, it's a rule of thumb to not post exploit code on web hosting / support forums.

    Just because the file is called CPCrack does not mean cPanel is in any way responsible for the hack. 99.9% of these exploits are uploaded through either:

    A. outdated CMS software, i.e. Joomla 1.5 or WordPress installs with old/vulnerable plugins

    B. CMS software with poor admin passwords, or

    C. accounts with weak FTP/cPanel passwords.

    cPanel is not responsible for this; either you or the person who is the webmaster for that site is.

    Now, all of that above would apply if this was a legitimate user whose site got "hacked." If you're offering free cPanel accounts, not to sound rude, but of COURSE someone is going to upload exploits and try to crack other passwords. You're just begging for it. I'd advise you to get on a good secure CloudLinux setup that separates your users, so that when malicious users like this one inevitably sign up, they can't access other accounts on your server.
     
  6. BartMan__X

    BartMan__X Member

    Well, I never said cPanel was responsible or in some way obligated to help me with this .. I asked for a little help with this and the important parts were later removed.
    The responses I did get basically said buy something.
    In the long run I'll be saving
     
  7. sahostking

    sahostking Well-Known Member

    Joined:
    May 15, 2012
    Messages:
    299
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Cape Town, South Africa
    cPanel Access Level:
    Root Administrator
  8. quizknows

    quizknows Well-Known Member

    Sorry, on the internet it is hard to understand people's "tone" sometimes. As a security admin, the code of the script you found is actually not all that important, rather how it got there. You know how it got there and took care of that; honestly, terminating the account and running a maldet scan / password change on your remaining accounts would have probably been fine. No need to re-image. However, if you know how to manage a server without cPanel, you may as well save the money.
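
A triage sketch for the two checks raised in the replies above (go by the date the file was added, and change passwords on accounts whose config files could be read). It is an added example, not part of any post in this thread. The `/home/<account>/...` layout, the list of config file names and all function names are assumptions.

```shell
#!/bin/sh
# Added triage sketch (not from the thread). Assumes accounts live under
# <root>/<account>/ and that the CMS config names below cover what you host.

CONFIG_NAMES='wp-config.php configuration.php config.php settings.php'

# Build the "-name a -o -name b ..." expression for find from CONFIG_NAMES.
_name_expr() {
    first=1
    for n in $CONFIG_NAMES; do
        [ "$first" -eq 1 ] || printf ' -o'
        printf ' -name %s' "$n"
        first=0
    done
}

# Config files with the other-read bit set, i.e. readable by any local user,
# including a script running under a different account.
exposed_configs() {
    root=${1%/}
    # Word splitting of the generated expression is intended here.
    find "$root" -type f \( $(_name_expr) \) -perm -004 2>/dev/null | sort
}

# Accounts (first path component under root) that own an exposed config:
# these are the ones whose database/CMS passwords should be rotated first.
accounts_to_rotate() {
    root=${1%/}
    exposed_configs "$root" | sed "s|^$root/||" | cut -d/ -f1 | sort -u
}

# Files modified after the suspicious upload (ref), excluding the uploader's
# own account directory (skip), as a starting list for manual review.
changed_since() {
    root=${1%/}; ref=$2; skip=$3
    find "$root" -type f -newer "$ref" ! -path "$root/$skip/*" 2>/dev/null | sort
}

# Usage when run directly: script.sh <root> <suspicious-file> <uploader-account>
if [ "$#" -eq 3 ]; then
    echo "== accounts with world-readable configs =="; accounts_to_rotate "$1"
    echo "== files changed since upload =="; changed_since "$1" "$2" "$3"
fi
```

File modification times can be reset by whoever wrote the file, so an empty `changed_since` list does not establish that nothing was touched; it only narrows where to look first.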
     