The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

"Remote Data Services Data Control" warning on all my websites ?

Discussion in 'General Discussion' started by fastdns, Jul 17, 2007.

  1. fastdns

    fastdns Member

    Joined:
    Jul 17, 2003
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    India
    Hi

    All my websites are trying to run a malicious code, and AV detects that as Bloodhound or its variant XML_HACK.AO .

    The pop up is similar to the one described at :

    http://msmvps.com/blogs/spywaresucks/archive/2007/02/06/548681.aspx

    I have been frantically searcihng for a clue, but in vain.

    Does anyone have an idea what this is and how it is spreading to all the sites ?
     
  2. Parcye

    Parcye Well-Known Member

    Joined:
    May 19, 2004
    Messages:
    56
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Eindhoven
    I have the same, anybody got any idea how to solve this?
     
  3. sarhosting

    sarhosting Well-Known Member

    Joined:
    Oct 1, 2007
    Messages:
    164
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    United States
    cPanel Access Level:
    Root Administrator
    Twitter:
    Have you checked all of your logs?

    Is annoymous FTP turned? Have you got a demo account

    Do you have anything insure like sql commands, that could cause SQL inject?

    As these websites, PHP, Java or have any of these in it?

    You could install rkhunter via command like works well for me
     
  4. Parcye

    Parcye Well-Known Member

    Joined:
    May 19, 2004
    Messages:
    56
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Eindhoven
    What is rkhunter?

    I have no demo account.

    It looks like it is caused by an old joomla installed by a user.

    Managed to fix the effected sites with a perl script that checks all files in home...
     
  5. sarhosting

    sarhosting Well-Known Member

    Joined:
    Oct 1, 2007
    Messages:
    164
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    United States
    cPanel Access Level:
    Root Administrator
    Twitter:
    RK Hunter:-

    Rootkit scanner

    Project information

    Rootkit scanner is scanning tool to ensure you for about 99.9%* you're clean of nasty tools. This tool scans for rootkits, backdoors and local exploits by running tests like:

    - MD5 hash compare
    - Look for default files used by rootkits
    - Wrong file permissions for binaries
    - Look for suspected strings in LKM and KLD modules
    - Look for hidden files
    - Optional scan within plaintext and binary files

    Rootkit Hunter is released as GPL licensed project and free for everyone to use.

    * No, not really 99.9%.. It's just another security layer

    http://www.rootkit.nl/projects/rootkit_hunter.html
     
Loading...

Share This Page