The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

httpd: bad username possible hack......

Discussion in 'General Discussion' started by sosoalex, Jul 12, 2003.

  1. sosoalex

    sosoalex Member

    Joined:
    Jan 29, 2003
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    apache down today with this error ........


    its cannot be started again the user name coz if this user...


    so i go throw the httpd conf file and commend his virtual hosts...


    and start httpd and its work .......

    when i go to the /etc/passwd


    i found the user member of the root group


    myuser:0:0:root:/root:/bin/bash


    also cpanel send me a warning mail saying that the user news and bin has been be in the root group

    and when i check them i found them realy memeber of group 0


    how this come.........

    cPanel.net Support Ticket Number:
     
  2. stdout

    stdout Well-Known Member

    Joined:
    Apr 10, 2003
    Messages:
    189
    Likes Received:
    5
    Trophy Points:
    18
    Location:
    Nelspruit, Mpumalanga, South Africa
    cPanel Access Level:
    Root Administrator
    Remove myuser and check for any active rootshells bound to a port using netstat -anp and verify your proccess list.

    Modify the passwords for news and bin in /etc/shadow to *.

    Verify noone besides yourself has group access /bin/su.

    Install a local firewall allowing only known services to access the NET and to also prevent users from binding 'rootshells' on random ports.

    Install phpsuexec.

    Im assuming youre using RedHat.

    Update your software packages using, up2date -u.
    Consider upgrading your kernel to the latest release -ftp://kernel.org

    cat /var/log/messages | grep myuser

    cPanel.net Support Ticket Number:
     
Loading...

Share This Page