The Community Forums


phpnuke exploit protection

Discussion in 'General Discussion' started by mahdionline, Jan 19, 2005.

  1. mahdionline

    mahdionline Well-Known Member

    Joined:
    Oct 18, 2003
    Messages:
    127
    Likes Received:
    0
    Trophy Points:
    16
    Hi

    I have a DREADFUL problem with some of the phpnuke sites that are hosted on my server. The Ev1 abuse team sent me a mail about a "PHP-Nuke Exploit". They notified me that a spammer is using a phpnuke site to do his work and sends a lot of spam every month.

    Now I have 3 questions:

    1- How can I discover which accounts on the server use phpnuke?
    (I see in the MySQL database list that we have about 200 phpnuke installs on our server)

    2- How can I find out which account is the victim of that spammer?

    3- How can I filter all phpnuke? (Can I do this with mod_security?)

    Regards
     
  2. projectandrew

    projectandrew Well-Known Member

    Joined:
    Aug 27, 2003
    Messages:
    185
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    United Kingdom
    Under WHM in Addon Modules, you can install the addonupdates module - this adds another option in WHM called 'Addon Script Manager'. This can be used to find PHPNuke installs, but I am not sure if it only finds versions of PHPNuke that have been installed via cPanel.
     
  3. PPNSteve

    PPNSteve Well-Known Member

    Joined:
    Mar 13, 2003
    Messages:
    393
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Somewhere in Ilex Forest
    cPanel Access Level:
    Root Administrator
    We are currently NOT recommending PHPNuke to our clients. Also, if you can, have them shut off the email function in Nuke.

    I'm sure there are other solutions as well.
     
  4. mahdionline

    mahdionline Well-Known Member

    Joined:
    Oct 18, 2003
    Messages:
    127
    Likes Received:
    0
    Trophy Points:
    16
    Thanks, but how can I filter or shut off outgoing mail of phpnuke sites?
    A note: we have nearly 200 phpnuke installs on our server, and I do not know which account is the victim of the spammer! :confused: :(

    Please help me! :(
     
  5. gorilla

    gorilla Well-Known Member

    Joined:
    Feb 3, 2004
    Messages:
    699
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Sydney / Australia
    Have you installed PHP suEXEC? Find it in WHM/software/update apache.
    You can trace the spammer with that.

    Have you enabled the SMTP Tweak in Tweak Security?
    This SMTP tweak will prevent users from bypassing the mail server to send mail (this is a common practice used by spammers). It will only allow the MTA (mail transport agent), mailman, and root to connect to remote SMTP servers.

    And I guess you could prevent the user 'nobody' from sending out mail to remote addresses (PHP and CGI scripts generally run as nobody if you are not using phpsuexec and suexec respectively). You find that in WHM/Tweak Settings.

    And I guess you could tell all your customers to protect their Nuke install with Sentinel.
     
    #5 gorilla, Jan 20, 2005
    Last edited: Jan 20, 2005
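
One way to answer the "which account is the victim" question from the mail log, as an added example that is not part of any post in this thread: count sendmail submissions per script directory. It assumes Exim writes `cwd=... args:` lines (its `+arguments` log selector) and that accounts live under `/home/<user>`; the function name and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumption: Exim records local
# command-line submissions as "cwd=<dir> <n> args: ..." in its main log.

# top_mail_dirs: read Exim main-log lines on stdin and print
# "<count> <account> <directory>", busiest directory first.
top_mail_dirs() {
    awk '
        # Only submissions made from inside an account home are of interest;
        # queue runners under /var/spool and delivery lines are skipped.
        / cwd=\/home\// && / args: / {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^cwd=\/home\//) {
                    dir = substr($i, 5)       # strip the "cwd=" prefix
                    split(dir, part, "/")     # part[3] is the account name
                    hits[part[3] " " dir]++
                }
        }
        END { for (k in hits) printf "%d %s\n", hits[k], k }
    ' | sort -k1,1nr -k2
}

# Constructed sample log lines (hypothetical accounts alice, bob, carol).
sample_log() {
cat <<'EOF'
2005-01-20 03:10:01 cwd=/home/alice/public_html/nuke 3 args: /usr/sbin/sendmail -t -i
2005-01-20 03:10:02 cwd=/home/alice/public_html/nuke 3 args: /usr/sbin/sendmail -t -i
2005-01-20 03:10:02 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1CrXYZ-0001ab-Cd
2005-01-20 03:10:03 cwd=/home/carol/public_html/portal 3 args: /usr/sbin/sendmail -t -i
2005-01-20 03:10:04 cwd=/home/alice/public_html/nuke 3 args: /usr/sbin/sendmail -t -i
2005-01-20 03:10:05 1CrXYZ-0001ab-Cd => someone@example.com R=lookuphost T=remote_smtp
2005-01-20 03:10:06 cwd=/home/bob/public_html 3 args: /usr/sbin/sendmail -t -i
2005-01-20 03:10:07 cwd=/home/carol/public_html/portal 3 args: /usr/sbin/sendmail -t -i
2005-01-20 03:10:08 cwd=/home/alice/public_html/nuke 3 args: /usr/sbin/sendmail -t -i
EOF
}

# On a live server, feed the real log instead, e.g.:
#   top_mail_dirs < /var/log/exim_mainlog
sample_log | top_mail_dirs
```

Because the directory is logged regardless of which user the script runs as, this also narrows things down on servers where PHP still runs as 'nobody'.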
  6. mahdionline

    mahdionline Well-Known Member

    Joined:
    Oct 18, 2003
    Messages:
    127
    Likes Received:
    0
    Trophy Points:
    16
    Thanks! I did that and now I should wait for the future and . . . :)
     
