The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Hacking Question

Discussion in 'General Discussion' started by mxbmxb, Dec 2, 2004.

  1. mxbmxb

    mxbmxb Registered

    Joined:
    Dec 2, 2004
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Is it possible for a hacker to put a program on your server that has permission higher that yours? Like to install a php program that you can't delete. And would this be possible from a script on your site? Cpanel user...... :confused:
    Thanks
     
  2. haze

    haze Well-Known Member

    Joined:
    Dec 21, 2001
    Messages:
    1,550
    Likes Received:
    3
    Trophy Points:
    38
    They could definitly upload a program and depending on the state of your server, could use one of many exploits to change permissions and / or file attributes. Most often crackers get in by using an exploitable publicly viewable php or cgi program.
     
  3. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    As haze says, most commonly servers are exploited through vulnerable scripts, and from there onto local exploits which can open up root access.

    I'm not sure what you mean by installing a file that you cannot delete. If you have root access, you should almost always be able to delete a file (you may have to remove the immutable flag). There are some circumstances where you cannot, but these usually have something to do with file corruption than malicious intent.
     
  4. kris1351

    kris1351 Well-Known Member

    Joined:
    Apr 18, 2003
    Messages:
    963
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Lewisville, Tx
    There are some rootkits that will install a file as a block device, in that case you can't delete the system. Normally after clearing the kit and rebooting it will kill that file.
     
Loading...

Share This Page