hacked by Kevin Hughes ?

all was well, went up to webhost mgr and was alerted that apache was an insecure setup, there were gold LOCKS to the right side of the NEWS section ...



thought they were from CPanel upfdate, had all locked except Front Page

performed a /scripts/easyapache

and then apahe would not start.


getting a :

root@secure [~]# /usr/local/apache/bin/apachectl stop
/usr/local/apache/bin/apachectl stop: httpd (pid 15106?) not running

and then this when i click

cPanel/WHM News:


Timeout while trying to fetch http://web.cpanel.net/whmnews/nph-index.cgi?version=6.4.2-STABLE_75...GIF89aÂÿÿÿÌÿÿ™™™333!þNThis art is in the public domain. , kevinh@eit.com, September 1995!ù

,j8º¼ñ0 @«?#¾i;Ï×U"¸?׉(1¸ð‰RDmòL ¼€K:KïÇ |§âh‚”¼J$À³Y ¸¤×'.f…ľÞßã'wÏV@Ù›6*[uîµ¼i£¦R§7 ‰=‚ƒ</7ˆ‰? ;


******************
suexec seems to be the problem:

Jul 13 17:26:09 secure pure-ftpd[14870]: (menubuilder@24.98.40.113) [NOTICE] /home/menubuilder//public_html/httpd.conf downloaded (78074 bytes, 309.16KB/sec) Jul 13 17:26:10 secure pure-ftpd[14870]: (menubuilder@24.98.40.113) [NOTICE] /home/menubuilder//public_html/httpd.conf.bak downloaded (43921 bytes, 217.36KB/sec) httpd has failed, please contact the sysadmin.

Notes: suexec allows cgi scripts to run with the user's id. It will also make it easier to track which user has sent out an email. If suexec is not enabled, all cgi scripts will run as nobody.


suExec is currently x - creating lock directory x - SKIPPING /usr/local/frontpage/version5.0/apache-fp/fpexe2.patch (file already exists) Patching fpexe2.patch patching file fpexe.c httpd: no process killed enabled


any help would be appreciated..

cPanel.net Support Ticket Number:

 

well, this is crazy.. we got every thing working.. but our Modern Bill returns 500 errors and phpaccelerator will NOT run anymore..


this was all caused by an UPDATE of WHM...

i reinstalled php accellerator and mod_gzip// mod g zip works but not PHPA

any one?

cPanel.net Support Ticket Number:

 

got it all working.. man took 7 hours!

i rebotted server 3 times and ran easyapache on the last boot and it is all aok..


thought for sure it was hacked!

cPanel.net Support Ticket Number:

 

we are left with one problem:

Scanning suexec_log.


it is scanning the Scanning suexec_log.every few minutes???

cPanel.net Support Ticket Number: