Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Hacked again!!! Help !!!

Discussion in 'General Discussion' started by atul, Aug 5, 2004.

  1. atul

    atul Well-Known Member

    Joined:
    May 6, 2004
    Messages:
    52
    Likes Received:
    0
    Trophy Points:
    156
    Hello All,
    Few days back on my RHE 3.0 server , IRC bouncer attack took place with xdcc.dot.. etc someone uploaded ls/ directory in /var/tmp ...
    Unfortunately they cane back again:
    see this:
    oot@hosting [/]# find / -name "iroffer*"

    /var/spool/vbox/iroffer.tar

    /var/spool/vbox/iroffer

    /var/spool/vbox/iroffer_chroot

    /var/spool/vbox/iroffer.cron

    /var/spool/vbox/obj/iroffer_admin.o

    /var/spool/vbox/obj/iroffer_dccchat.o

    /var/spool/vbox/obj/iroffer_display.o

    /var/spool/vbox/obj/iroffer_main.o

    /var/spool/vbox/obj/iroffer_misc.o

    /var/spool/vbox/obj/iroffer_transfer.o

    /var/spool/vbox/obj/iroffer_upload.o

    /var/spool/vbox/obj/iroffer_utilities.o

    /var/spool/vbox/src/iroffer_admin.c

    /var/spool/vbox/src/iroffer_config.h

    /var/spool/vbox/src/iroffer_dccchat.c

    /var/spool/vbox/src/iroffer_defines.h

    /var/spool/vbox/src/iroffer_display.c

    /var/spool/vbox/src/iroffer_globals.h

    /var/spool/vbox/src/iroffer_headers.h

    /var/spool/vbox/src/iroffer_main.c

    /var/spool/vbox/src/iroffer_misc.c

    /var/spool/vbox/src/iroffer_transfer.c

    /var/spool/vbox/src/iroffer_upload.c

    /var/spool/vbox/src/iroffer_utilities.


    I have already blocked port 6666 on server..
    But still someone is playng with this..
    Any suggestion?
     
  2. aphexer

    aphexer Member

    Joined:
    Aug 3, 2004
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    151
    Location:
    Belgium
    security

    Yeah of course... change your root password and check the permissions of the /var and /tmp dirs (and /var/tmp yes). Finally doublecheck you blocked the irc ports (outbound): 6665-7000. (He might be using a bouncer which could make him use a random port though...)
     
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice