The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

phpsuexec problems

Discussion in 'General Discussion' started by InternetPEI, Aug 15, 2006.

  1. InternetPEI

    InternetPEI Well-Known Member

    Joined:
    May 26, 2003
    Messages:
    102
    Likes Received:
    0
    Trophy Points:
    16
    Hi,

    Due to someone sending out mail as nobody, I disabled nobody from sending mail in whm, then some of my scripts wouldnt send mail, so I rebuilt apache with the cgi option.

    Everything seems to be working somewhat....

    BUT a few sites wouldnt come up, error 500, fixed the htaccess and they now work, I cant get my phpsysinfo working now at all, (alias still there, but auto redirects back to my index when I type that url in) and out of the blue some sites go down, today my homepage was down with no mods done, I renamed the htacess and it worked again..

    What would cause the site to go down with no editing of the htaccess and it worked before?

    I tailed the logs and didnt see anything that showed what was going on..

    Is there any other solution to prevent nobody without using phpsuexec (and still having things like phpbb and my billing software send out mail) ?

    I enabled the advanced logging in exim, but I dont feel comfortable turning it all off again and waiting because the person doing the spam sending only did it 2 times starting about a week ago, and after I stopped it the first time, they didnt do it for about another 2 days, so I dont feel like turning it on and sitting tailing the mail log for 2+ days hoping I can catch him before he sends too much....

    Is there any way to have a copy of all "nobody" email sent to me so I can be alerted when some start being sent?

    Any suggestions?
     
  2. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    Joined:
    May 29, 2004
    Messages:
    2,222
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Minneapolis, MN
    To learn about Phpsuexec, go to: http://forums.cpanel.net/showthread.php?t=53071

    I am sure you are aware of this, but Phpsuexec is not the only mechanism to secure your server. I suggest you install some of the well-known software applications such as ModSecurity, APF and BFD; patch the insecure php programs including PhpBB, PhpNuke, and osTicket. Hope this helps!
     
  3. InternetPEI

    InternetPEI Well-Known Member

    Joined:
    May 26, 2003
    Messages:
    102
    Likes Received:
    0
    Trophy Points:
    16

    Thanks, I have the server secure, but I am hoping that there is a way I can get a copy of all outgoing mail sent by nobody so I can track what script is insecure. Any suggestions on how to do this?
     
  4. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Using extended logging is still the best idea. You can then search the exim_mainlog for script activiations using:

    grep cwd=/home /var/log/exim_mainlog

    You only need to do that periodically.

    Alternatively, you could install my firewall which tracks exactly this type of activity for you and even has a go and determining the offending script for you.
     
  5. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
  6. InternetPEI

    InternetPEI Well-Known Member

    Joined:
    May 26, 2003
    Messages:
    102
    Likes Received:
    0
    Trophy Points:
    16
    Thanks :)


    Is there anyway to limit the amount of mails that nobody can send per hour or have me CC'ed on them all?

    Thanks
     
Loading...

Share This Page