Thanks to cpanel for that quick answer !!!!
I am putting the ticket here to improve this forum and to warn people about those bad, very bad people around there ..
The problem was an OSCOMMERCE installation without ../admin directory protection, so it could edit my php files online
CPANEL SAID :
Dear Customer,
It appears that the hacker got in through an oscommerce-based exploit from the IP 88.254.50.171, if you run "grep 88.254.50.171 /usr/local/apache/domlogs/MYDOMAIN.com" you will see the actions he took, the last one editing the index.php file on this server through an exploit in oscommerce. (This is also the same IP that tried to access dark.php)
88.254.50.171 - - [17/Jul/2007:03:13:58 -0300] "GET /?action=logout&act=ls&d=%2Fhome%2FMYUSERCPANEL%2Fpublic_html%2Fadmin&sort=0a HTTP/1.1" 200 45 "http://www.MYDOMAIN.com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
88.254.50.171 - - [17/Jul/2007:03:13:59 -0300] "GET /admin/file_manager.php?info=index.php HTTP/1.1" 200 13 "http://www.MYDOMAIN.com/admin/file_manager.php?info=index.php&action=edit" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
----
Thanks cpanel !!!!!!
Take care of it !!!!
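The grep in the ticket only works once the offending IP is known. As an added example (not code from this post or from cPanel), the sketch below scans combined-format log lines for the two patterns visible in the quoted entries, an /admin/ URL answered with 200 and a server filesystem path passed in a query parameter, and groups the hits by client IP. The function names, the path-prefix list and the two 192.0.2.10 lines are assumptions made for the illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Apache "combined" log format, as in the domlogs lines quoted in the ticket.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def classify(target, status):
    """Return the reasons a request deserves review (empty list if none)."""
    url = urlsplit(target)
    reasons = []
    # 200 on /admin/ means no auth challenge; a protected directory answers 401/403.
    if url.path.startswith("/admin/") and status == 200:
        reasons.append("admin path served without auth challenge")
    if url.path.endswith("/file_manager.php"):
        reasons.append("osCommerce file manager request")
    # parse_qsl percent-decodes values, so %2Fhome%2F... becomes /home/...
    for key, value in parse_qsl(url.query, keep_blank_values=True):
        if value.startswith(("/home/", "/etc/", "/var/", "/usr/")):
            reasons.append(f"server filesystem path in parameter {key!r}")
    return reasons

def triage(lines):
    """Map client IP -> list of (timestamp, target, reasons) for flagged hits."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        reasons = classify(m["target"], int(m["status"]))
        if reasons:
            hits[m["ip"]].append((m["ts"], m["target"], reasons))
    return dict(hits)

# Sample input: the two lines from the ticket plus two constructed requests
# from a documentation-range address (192.0.2.10) that should not be flagged.
SAMPLE = [
    '88.254.50.171 - - [17/Jul/2007:03:13:58 -0300] "GET /?action=logout&act=ls&d=%2Fhome%2FMYUSERCPANEL%2Fpublic_html%2Fadmin&sort=0a HTTP/1.1" 200 45 "http://www.MYDOMAIN.com/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
    '88.254.50.171 - - [17/Jul/2007:03:13:59 -0300] "GET /admin/file_manager.php?info=index.php HTTP/1.1" 200 13 "http://www.MYDOMAIN.com/admin/file_manager.php?info=index.php&action=edit" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
    '192.0.2.10 - - [17/Jul/2007:03:10:00 -0300] "GET /index.php?cPath=21 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [17/Jul/2007:03:10:05 -0300] "GET /admin/login.php HTTP/1.1" 401 401 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, events in triage(SAMPLE).items():
        print(ip, *events, sep="\n  ")
```

Once the admin directory is password-protected, anonymous requests to it show up as 401 and drop out of the first rule, so the same scan doubles as a check that the fix is in place.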