The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Hacking php script

Discussion in 'General Discussion' started by emeric21, Apr 10, 2006.

  1. emeric21

    emeric21 Well-Known Member

    Joined:
    Aug 5, 2002
    Messages:
    49
    Likes Received:
    0
    Trophy Points:
    6
    I just found a **** php hacking script on one of our customer account...
    How i can eneable mod-Security to blog that?

    This is not the complete code...
     
    #1 emeric21, Apr 10, 2006
    Last edited by a moderator: Apr 11, 2006
  2. celliott

    celliott Well-Known Member

    Joined:
    Jan 2, 2006
    Messages:
    460
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    United Kingdom
    First of all you may want to rephrase what you have just said. Mods are not going to be particuarly happy with that kind of language in these forums.
     
    #2 celliott, Apr 10, 2006
    Last edited by a moderator: Apr 11, 2006
  3. webignition

    webignition Well-Known Member

    Joined:
    Jan 22, 2005
    Messages:
    1,880
    Likes Received:
    0
    Trophy Points:
    36
    I'm not aware of any blogging features of modsec, although I may be wrong.

    If you are interested in blocking such requests, what you should really be looking at is blocking the request that caused the script to get on your server in the first place and not just looking at preventing the script from running - that would be treating the symptoms not the cause.

    The only sensible options it to trawl through your Apache access logs, keeping an eye out for the request that caused the script to get on your server in the first place. This should help you find out which insecure script helped the file get on to your server.

    Find the insecure script and fix it. If it is a distributed pacakge, such as a forum, consider upgrading to the latest version and consider perusing their forums for information pertaining to any insecurities. If it is a custom written script, ask the account owner to fix it, highlighting the security problems it presents.

    If you fix an insecure script then an exploit attempt will fail and therefore any relevant modsec rules would be obsoleted.
     
  4. IPSecureNetwork

    IPSecureNetwork Well-Known Member

    Joined:
    May 28, 2005
    Messages:
    99
    Likes Received:
    0
    Trophy Points:
    6
    you must update your mod_security rules ...
     
  5. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Please mind the language on the forums.

    You can search the forums or indeed the web for mod_security rules. If you don't have the knowledge to write some yourself (documentation on that modules site) then search the web for some pre-written ones.

    That said, they most likely won't prevent the execution of such a script. As has been said, you need to find out how the script was uploaded to your server and fix that hole. If you don't know how, you'll need to hire a server administration who knows about such security issues.

    Nothing to do with cPanel and if you opened a support ticket with them through your cPanel license provider, I doubt you'd get much in the way of support as the issue has nothing to do with their product.
     
  6. emeric21

    emeric21 Well-Known Member

    Joined:
    Aug 5, 2002
    Messages:
    49
    Likes Received:
    0
    Trophy Points:
    6
    I tested this script and i had access to all files of the servers...
    I can also see what is into the /root/ directory...

    I deleted the script from our server but i keep 1 copy on my computer, if a cpanel system admin want a copy, i can send it..

    Where i can get new mod_security rules?

    Thanks
     
  7. emeric21

    emeric21 Well-Known Member

    Joined:
    Aug 5, 2002
    Messages:
    49
    Likes Received:
    0
    Trophy Points:
    6
    I hired a system admin.

    Do you know how to secure or encrypt user accounts password on servers?
     
Loading...

Share This Page