The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

My server was hacked. Any recommend?

Discussion in 'General Discussion' started by rvskin, Apr 22, 2003.

  1. rvskin

    rvskin Well-Known Member
    PartnerNOC

    Joined:
    Feb 19, 2003
    Messages:
    400
    Likes Received:
    1
    Trophy Points:
    18
    Today, My server was hacked, and hacker send me the content of /etc/passwd. He hacked from demo account. I know demo is not secure but I have to have demo online.

    What currently I know it is not secure on demo mode are:
    - frontpage extension is able to install
    - agora shopping cart is able to install
    - all addon cgi is able to install
    - phpbb is able to install
    - phpchat is able to install

    Once those programs installed, he can upload cgi-shell to server. This is not count the ftp access which I still doubt its security.

    Anything else is the security hole on demo, please list here.
    And hope darkorb will fix it.
     
  2. Curious Too

    Curious Too Well-Known Member

    Joined:
    Aug 31, 2001
    Messages:
    427
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    Why don't you disable cgi for the demo account?
     
  3. sexy_guy

    sexy_guy Well-Known Member

    Joined:
    Mar 19, 2003
    Messages:
    848
    Likes Received:
    0
    Trophy Points:
    16
    Hello, sombody deleted our demo account once and we never worked out how it was done. After that we got wise. The next time around we disabled cgi by not checking the option so nobody could upload. You should also add the username for that demo account to

    /etc/ftpusers

    So ftp is disabled completely

    Turn off cgi

    and

    enable safe mode on this one account if you have it OFF for the rest of the server.
     
  4. versehost

    versehost Member

    Joined:
    Mar 8, 2002
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    One of my customers using your skin was also hacked. Coincidence? :eek:
     
  5. rvskin

    rvskin Well-Known Member
    PartnerNOC

    Joined:
    Feb 19, 2003
    Messages:
    400
    Likes Received:
    1
    Trophy Points:
    18
    You all know, it's not because the rvskin. It's because ppl want to hack your server. No matter skin you use, he's able to hack. If you don't have demo control panel and he really want to hack, it's quiet easy just pay for a small dime get real account, once he get ftp access your server is in his hand.
     
  6. rvskin

    rvskin Well-Known Member
    PartnerNOC

    Joined:
    Feb 19, 2003
    Messages:
    400
    Likes Received:
    1
    Trophy Points:
    18
    sexy_guy, thanks for comment.

    It's disabled. But people still able to install phpbb and use that test phpbb to upload file to server.
     
  7. sexy_guy

    sexy_guy Well-Known Member

    Joined:
    Mar 19, 2003
    Messages:
    848
    Likes Received:
    0
    Trophy Points:
    16
    Howabout ftp?

    If your demo account is username: demo then add demo to

    /etc/ftpusers

    Then they cannot ftp to the demo account.
     
  8. Sash

    Sash Well-Known Member

    Joined:
    Feb 18, 2003
    Messages:
    252
    Likes Received:
    0
    Trophy Points:
    16
    Did the person get full control of the server or just send you /etc/passwd?

    Mike
     
  9. rvskin

    rvskin Well-Known Member
    PartnerNOC

    Joined:
    Feb 19, 2003
    Messages:
    400
    Likes Received:
    1
    Trophy Points:
    18
    He just send me /etc/passwd file, and a copy of my proprietary programs.

    Good tips. For those who might confused (I was).
    Name:
    /etc/ftpusers

    Description:
    Deny FTP access. The ftpusers file is used to deny FTP access to specific users. The format is a simple text file listing the restricted users one per line.

    sexy_guy, do you know how to disable php by account?
     
Loading...

Share This Page