mahdionline

Well-Known Member
Oct 18, 2003
127
0
166
Hi

I have a DREADFUL problem with some of the phpnuke sites hosted on my server. The Ev1 abuse team sent me a mail about a "PHP-Nuke Exploit". They notified me that a spammer is using a phpnuke site to do his work and sends a lot of spam every month.

Now I have 3 questions:

1- How can I discover which accounts on the server use phpnuke?
(I see in the MySQL database list that we have about 200 phpnuke installs on our server.)

2- How can I find out which account is the victim of that spammer?

3- How can I filter all phpnuke sites? (Can I do this with mod_security?)

Regards
 

projectandrew

Well-Known Member
Aug 27, 2003
184
0
166
United Kingdom
Under WHM in Addon Modules, you can install the addonupdates module - this adds another option in WHM called 'Addon Script Manager'. This can be used to find PHPNuke installs, but I am not sure if it only finds versions of PHPNuke that have been installed via cPanel.
 

mahdionline

PPNSteve said:
we are currently NOT recommending to use PHPNuke to our clients.. also if you can, have them shut off the email function in nuke.

i'm sure there are other solutions as well..

Thanks, but how can I filter or shut off the outgoing mail of phpnuke sites?
A note: we have nearly 200 phpnuke sites on our server, and I do not know which account is the victim of the spammer! :confused: :(

Please help me! :(
 

gorilla

Well-Known Member
Feb 3, 2004
695
1
168
Sydney / Australia
Have you installed PHP suEXEC? Find it in WHM/software/update apache.
You can trace the spammer with that.

Have you enabled SMTP Tweak? It is in Tweak Security.
This SMTP tweak will prevent users from bypassing the mail server to send mail (This is a common practice used by spammers). It will only allow the MTA (mail transport agent), mailman, and root to connect to remote SMTP servers.

And I guess you could prevent the user 'nobody' from sending out mail to remote addresses (PHP and CGI scripts generally run as nobody if you are not using phpsuexec and suexec respectively). You find that in WHM/Tweak Settings.

And I guess you could tell all your customers to protect their nuke install with Sentinel.
 
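Tracing by account as suggested in the post above, as an added example that is not part of the original thread: with PHP suEXEC enabled, Exim logs mail submitted by a local script with the account's username (`U=...`) instead of `nobody`, so counting `P=local` arrival lines per user shows which account is sending. The log lines are constructed samples and the function names are hypothetical; on a cPanel server the log is normally `/var/log/exim_mainlog`.

```shell
#!/bin/sh
# count_local_senders LOGFILE
# Prints "count user" for each local (non-SMTP) submission recorded in an
# Exim main log, busiest account first.
count_local_senders() {
    awk '
        # Arrival lines carry "<=" in field 4; P=local marks mail handed to
        # Exim by a local process (e.g. PHP mail()) rather than over SMTP.
        $4 == "<=" && / P=local( |$)/ {
            for (i = 5; i <= NF; i++)
                if ($i ~ /^U=/) n[substr($i, 3)]++
        }
        END { for (u in n) print n[u], u }
    ' "$1" | sort -k1,1nr -k2,2
}

# Constructed sample log lines (not taken from a real server).
sample_log() {
    cat <<'EOF'
2004-03-01 10:00:01 1AxA01-0001Ab-00 <= alice@example.com U=alice P=local S=812
2004-03-01 10:00:02 1AxA02-0001Ac-00 <= nukesite@host.example U=nukesite P=local S=2048
2004-03-01 10:00:02 1AxA02-0001Ac-00 => victim1@example.net R=lookuphost T=remote_smtp
2004-03-01 10:00:03 1AxA03-0001Ad-00 <= nukesite@host.example U=nukesite P=local S=2051
2004-03-01 10:00:04 1AxA04-0001Ae-00 <= bob@example.org H=mail.example.org [192.0.2.10] P=esmtp S=900
2004-03-01 10:00:05 1AxA05-0001Af-00 <= nukesite@host.example U=nukesite P=local S=2049
EOF
}

# Run with --demo to see the report for the constructed sample.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp)
    sample_log > "$tmp"
    count_local_senders "$tmp"
    rm -f "$tmp"
fi
```

If most lines show `U=nobody`, scripts are not yet running under the account's own user and the count cannot separate one site from another.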

mahdionline

Thanks! I did that, and now I should wait for the future and . . . :)