The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

phpnuke exploit protection

Discussion in 'General Discussion' started by mahdionline, Jan 19, 2005.

  1. mahdionline

    mahdionline Well-Known Member

    Joined:
    Oct 18, 2003
    Messages:
    127
    Likes Received:
    0
    Trophy Points:
    166
    Hi

    I have a DREADFUL problem with some of phpnuke that hosted on my server. Ev1 abuse team send me a mail about " PHP-Nuke Exploit " . they notice me that a spammer use of a phpnuke site to do his work. and send many spam in every month.

    now I have 3 question :

    1- how can i discover that which account on server use phpnuke ?
    ( I see in mysql database list that we have about 200 phpnuke on our server)

    2- how can I find out that which of account is victim of that spammer ?

    3- how can I filter all phpnuke ?( can I do this with mod_security) ?

    Regard
     
    #1 mahdionline, Jan 19, 2005
  2. projectandrew

    projectandrew Well-Known Member

    Joined:
    Aug 27, 2003
    Messages:
    184
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    United Kingdom
    Under WHM in Addon Modules, you can install the addonupdates module - this adds another option in WHM called 'Addon Script Manager'. This can be used to find PHPNuke installs, but I am not sure if it only finds versions of PHPNUke that have been installed via cPanel.
     
    #2 projectandrew, Jan 19, 2005
  3. PPNSteve

    PPNSteve Well-Known Member

    Joined:
    Mar 13, 2003
    Messages:
    394
    Likes Received:
    1
    Trophy Points:
    168
    Location:
    Somewhere in Ilex Forest
    cPanel Access Level:
    Root Administrator
    Twitter:
    we are currently NOT reccomending to use PHPNuke to our clients.. also if you can, have them shut off the email function in nuke.

    i'm sure there are other solutions as well..
     
    #3 PPNSteve, Jan 19, 2005
  4. mahdionline

    mahdionline Well-Known Member

    Joined:
    Oct 18, 2003
    Messages:
    127
    Likes Received:
    0
    Trophy Points:
    166
    thanks but how can I filter or shut off outgoing mail of phpnuke sites ?
    a note : we have near to 200 phpnuke on our server. and I donot know , which account is the victim of spammer .! ! :confused: :(

    please help me ! :(
     
    #4 mahdionline, Jan 20, 2005
  5. gorilla

    gorilla Well-Known Member

    Joined:
    Feb 3, 2004
    Messages:
    694
    Likes Received:
    1
    Trophy Points:
    168
    Location:
    Sydney / Australia
    have u installed PHP suEXEC ? find it in WHM/software/update apache
    u can trace the spammer with that :

    Have u enabled SMTP Tweak ? in Tweak Security
    This SMTP tweak will prevent users from bypassing the mail server to send mail (This is a common practice used by spammers). It will only allow the MTA (mail transport agent), mailman, and root to connect to remote SMTP servers.

    And i guess you could Prevent the user 'nobody' from sending out mail to remote addresses (php and cgi scripts generally run as nobody if you are not using phpsuexec and suexec respectively.) u find that in WHM/Tweak Settings

    and i guess u could tell all ur customers to protect their nuke install with Sentinel
     
    #5 gorilla, Jan 20, 2005
    Last edited: Jan 20, 2005
  6. mahdionline

    mahdionline Well-Known Member

    Joined:
    Oct 18, 2003
    Messages:
    127
    Likes Received:
    0
    Trophy Points:
    166
    Thanks ! I do that and now I should wait for the future and . . . :)
     
    #6 mahdionline, Jan 20, 2005
(You must log in or sign up to post here.)
Loading...
Similar Threads - phpnuke exploit protection
  1. Sametto Chan

    SOLVED Possibly Remove Shell PHP Exploit?

    Sametto Chan, Dec 12, 2016, in forum: Security
    Replies:
    3
    Views:
    452
    cPanelMichael
    Dec 14, 2016
  2. cglmicro

    ClamAV found exploit in cpanel/cpaddons/../Wordpress

    cglmicro, Sep 5, 2015, in forum: Security
    Replies:
    3
    Views:
    984
    cPanelMichael
    Sep 10, 2015

Share This Page