Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

FunWebProducts Spyware Bitches

Discussion in 'General Discussion' started by prettydumb, Sep 1, 2007.

  1. prettydumb

    prettydumb Active Member

    Joined:
    Aug 25, 2007
    Messages:
    35
    Likes Received:
    0
    Trophy Points:
    56
    BTW...I figured it out on my own.

    Your turn!
     
  2. rpmws

    rpmws Well-Known Member

    Joined:
    Aug 14, 2001
    Messages:
    1,822
    Likes Received:
    8
    Trophy Points:
    318
    Location:
    back woods of NC, USA
    okeeee ??? ..thanks I guess ?? :confused:
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. JamesCTotalWeb

    JamesCTotalWeb Well-Known Member

    Joined:
    Mar 20, 2005
    Messages:
    64
    Likes Received:
    0
    Trophy Points:
    156
    cPanel Access Level:
    Root Administrator
    Ok let see if I can help out here ……… this is what you are seeing in your log files right?

    [31/Aug/2007:22:28:00 -0500] "POST /cgi-bin/arp/arp-formcapture.pl HTTP/1.1" 200 335 "http//www.xxx.com/" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; H010818; FunWebProducts)"

    Ok if that is the case then there is not a problem with your server/site …… the FunWebProducts that is listed in the log file is coming from the browser that the user is browsing with check out this page please

    http://www.liamdelahunty.com/tips/fun_web_products.php

    It explains that more and more users arriving on the server with FunWebProducts in the User Agent.

    Ok now what they are doing is go to the web site and posting in a form thus the “POST /cgi-bin/arp/arp-formcapture.pl” this script will gather the information and add it to the autoresponder list that this site has set up.

    So with this information at hand I would say if you are worried about the “FunWebProducts” issue don’t be cus it aint you that has the issue.

    If it is the arp-formcapture.pl that bothers you then as others have said run this command from the command line.
    find /home -name "arp-formcapture.pl" –print

    Locate all the formcapture.pl files and delete them.

    There problem solved and BTW the log file entry is not a MS-Dos command its just someone exploiting your script so lock it down or delete it if not needed.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice