The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

hacked by Kevin Hughes ?

Discussion in 'General Discussion' started by rockster, Jul 13, 2003.

  1. rockster

    rockster Well-Known Member

    Joined:
    Apr 19, 2003
    Messages:
    63
    Likes Received:
    0
    Trophy Points:
    6
    all was well, went up to webhost mgr and was alerted that apache was an insecure setup, there were gold LOCKS to the right side of the NEWS section ...



    thought they were from CPanel upfdate, had all locked except Front Page

    performed a /scripts/easyapache

    and then apahe would not start.


    getting a :

    root@secure [~]# /usr/local/apache/bin/apachectl stop
    /usr/local/apache/bin/apachectl stop: httpd (pid 15106?) not running

    and then this when i click

    cPanel/WHM News:


    Timeout while trying to fetch http://web.cpanel.net/whmnews/nph-index.cgi?version=6.4.2-STABLE_75...GIF89aÂÿÿÿÌÿÿ™™™333!þNThis art is in the public domain. , kevinh@eit.com, September 1995!ù,j8º¼ñ0 @«?#¾i;Ï×U"¸?׉(1¸ð‰RDmòL ¼€K:KïÇ |§âh‚”¼J$À³Y ¸¤×'.f…ľÞßã'wÏV@Ù›6*[uîµ¼i£¦R§7 ‰=‚ƒ</7ˆ‰? ;


    ******************
    suexec seems to be the problem:

    Jul 13 17:26:09 secure pure-ftpd[14870]: (menubuilder@24.98.40.113) [NOTICE] /home/menubuilder//public_html/httpd.conf downloaded (78074 bytes, 309.16KB/sec) Jul 13 17:26:10 secure pure-ftpd[14870]: (menubuilder@24.98.40.113) [NOTICE] /home/menubuilder//public_html/httpd.conf.bak downloaded (43921 bytes, 217.36KB/sec) httpd has failed, please contact the sysadmin.

    Notes: suexec allows cgi scripts to run with the user's id. It will also make it easier to track which user has sent out an email. If suexec is not enabled, all cgi scripts will run as nobody.


    suExec is currently x - creating lock directory x - SKIPPING /usr/local/frontpage/version5.0/apache-fp/fpexe2.patch (file already exists) Patching fpexe2.patch patching file fpexe.c httpd: no process killed enabled


    any help would be appreciated..

    cPanel.net Support Ticket Number:
     
    #1 rockster, Jul 13, 2003
    Last edited: Jul 13, 2003
  2. Keegan

    Keegan Well-Known Member

    Joined:
    Oct 22, 2001
    Messages:
    110
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    DataCenter Provider
    Have you went to whm to check resolv.conf

    I know that sounds odd, but log in there and run the wizard, restart apache

    cPanel.net Support Ticket Number:
     
  3. sleuth1

    sleuth1 Well-Known Member

    Joined:
    Mar 16, 2003
    Messages:
    75
    Likes Received:
    0
    Trophy Points:
    6
    as far as the news fetch error , it is nothing to worry about,you get that from time to time , kevin hughes is a stand up guy and is to too busy to hack servers .

    cPanel.net Support Ticket Number:
     
  4. rockster

    rockster Well-Known Member

    Joined:
    Apr 19, 2003
    Messages:
    63
    Likes Received:
    0
    Trophy Points:
    6
    well, this is crazy.. we got every thing working.. but our Modern Bill returns 500 errors and phpaccelerator will NOT run anymore..


    this was all caused by an UPDATE of WHM...

    i reinstalled php accellerator and mod_gzip// mod g zip works but not PHPA

    any one?

    cPanel.net Support Ticket Number:
     
  5. sleuth1

    sleuth1 Well-Known Member

    Joined:
    Mar 16, 2003
    Messages:
    75
    Likes Received:
    0
    Trophy Points:
    6
    Have you got a ticket in with cpanel, these guys may be able to help , there sorted my ticket in 2 hours. Good luck.

    cPanel.net Support Ticket Number:
     
  6. rockster

    rockster Well-Known Member

    Joined:
    Apr 19, 2003
    Messages:
    63
    Likes Received:
    0
    Trophy Points:
    6
    got it all working.. man took 7 hours!

    i rebotted server 3 times and ran easyapache on the last boot and it is all aok..


    thought for sure it was hacked!

    cPanel.net Support Ticket Number:
     
  7. rockster

    rockster Well-Known Member

    Joined:
    Apr 19, 2003
    Messages:
    63
    Likes Received:
    0
    Trophy Points:
    6
    we are left with one problem:

    Scanning suexec_log.


    it is scanning the Scanning suexec_log.every few minutes???

    cPanel.net Support Ticket Number:
     
  8. FWC

    FWC Well-Known Member

    Joined:
    May 13, 2002
    Messages:
    354
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Ontario, Canada
    That's not a problem. It does that for 24 hours to look for problems if you enabled phpsuexec. If you didn't, or already had it, you can just kill the process.

    cPanel.net Support Ticket Number:
     
Loading...
Similar Threads - hacked Kevin Hughes
  1. xtronica
    Replies:
    9
    Views:
    658

Share This Page