The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

my Server Hacked

Discussion in 'General Discussion' started by linuxprovider, Jan 2, 2007.

  1. linuxprovider

    linuxprovider Active Member

    Joined:
    Mar 4, 2004
    Messages:
    28
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    egypt
    Dear all

    Today while i run some commands like ls this error appeared

    segmentation falt

    any way the reason is my server's hacked

    now i reinstall it but my question

    How could my server hack while i have disabled Compilers for unprivileged users

    i admited that i have found cgi-telnet scripts but how could he used it to install rootkit

    plz help me to not falldown again

    Thanks
     
  2. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    Joined:
    May 29, 2004
    Messages:
    2,222
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Minneapolis, MN
    Servers get hacked, at least in part, because they are running old, outdated, unpatched software with exploitable vulnerabilities.

    How to keep your web servers and web sites from being hacked?

    Keep your software updated — run the latest versions of Apache and Php. The same goes for MySQL and any other server side scripts. Php forums have been heavily targeted by hackers, not so much for running phishing sites, but it seems like the script kiddies like to deface them.

    Apache.org has Security Tips for Server Configuration at: http://www.w3.org/Security/Faq/

    W3.org has WWWSecurity FAQ at: http://www.w3.org/Security/Faq/

    I’ve seen a number of compromised sites being used to run exploits, both the WMF exploit and the createTextRange() exploits. Those sites were dropping trojan downloaders that contacted other servers to download malware including backdoors, key loggers, spam bots, password stealing trojans — the really nasty spyware, and in some cases, adware as well. It’s frustrating and sad, especially since it’s largely preventable. Please search these forums; there are many threads discussing HowTo secure your server. Or you can seek professional help to secure your server.
     
  3. linuxprovider

    linuxprovider Active Member

    Joined:
    Mar 4, 2004
    Messages:
    28
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    egypt
    Many Thanks For Clearing that

    i have a question

    i have disable php ( shell scripts )

    but i am still can not disable perl ( cgi-telnet scripts )
    i have installed mod_security
    but still no hope plz give my help coz as you know if i am not fixing this problem my
    server will still facing dangers


    Thanks
     
  4. Kelmas

    Kelmas Well-Known Member

    Joined:
    Nov 6, 2006
    Messages:
    121
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Lithuania
    Can you please tell a little bit more about these? Would be great.
     
  5. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    Joined:
    May 29, 2004
    Messages:
    2,222
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Minneapolis, MN
    WMF
    FAQ
    http://isc.sans.org/diary.php?storyid=994

    Linux/BSD still exposed to WMF exploit through WINE!
    http://blogs.zdnet.com/Ou/index.php?p=146

    TextRange() exploits
    http://www.computerworld.com/printthis/2006/0,4814,110122,00.html

    You need a very good set of Mod Security rules to minimize and/or stop attacks on your server. In addition, install APF and BFD. I think every body should read WWWSecurity FAQ at: http://www.w3.org/Security/Faq/
     
Loading...

Share This Page