The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

I had been hacked for the first time in 4 years-Resolved

Discussion in 'General Discussion' started by altomarketing2, Jul 17, 2007.

  1. altomarketing2

    altomarketing2 Well-Known Member

    Joined:
    Oct 8, 2004
    Messages:
    55
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    SouthAmerica
    Thanks to cpanel for that quick answer !!!!

    I putting the ticket here to improve this forum and to prevent people about those bad, very bad people arround there ..:mad:

    The problem was an OSCOMMERCE installation without ../admin directory protection, so it could edit my php files online

    CPANEL SAID :
    Dear Customer,
    It appears that the hacker got in through an oscommerce-based exploit from the IP 88.254.50.171, if you run "grep 88.254.50.171 /usr/local/apache/domlogs/MYDOMAIN.com" you will see the actions he took, the last one editing the index.php file on this server through an exploit in oscommerce. (This is also the same IP that tried to access dark.php)

    88.254.50.171 - - [17/Jul/2007:03:13:58 -0300] "GET /?action=logout&act=ls&d=%2Fhome%2FMYUSERCPANEL%2Fpublic_html%2Fadmin&sort=0a HTTP/1.1" 200 45 "http://www.MYDOMAIN.com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
    88.254.50.171 - - [17/Jul/2007:03:13:59 -0300] "GET /admin/file_manager.php?info=index.php HTTP/1.1" 200 13 "http://www.MYDOMAIN.com/admin/file_manager.php?info=index.php&action=edit" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"

    ----
    Thanks cpanel !!!!!!

    Take care of it !!!!
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Your post reads that you seem to be criticising cPanel. If so, then securing your server and scripts is your responsibility, not cPanel's. It looks like cPanel went out of their way to find out how you allowed hackers into your server. If you're not criticising them, then this is a good example of why you need to have a enforced AUP so that clients know that they are responsible for ensuring that any scripts that run in their accounts are their responsibility.
     
    #2 chirpy, Jul 20, 2007
    Last edited: Jul 20, 2007
Loading...

Share This Page