Root Access?

Skyline_GTR · Oct 13, 2006

it seems after I disable part of the ajax feature on the forum, the thing is gone...
and I think the code is actually a javascript. but I still couldn't find where is it.

Johnpg82 · Oct 14, 2006

Odd.

I was just hacked.. Something to do w/ the sql system time.

Now I couldn't login to webhost manager but now I can but..

When I try to login to any cpanel account it says..

"License system update in progress. Please try again later."

codegirl42 · Oct 14, 2006

this nuts. i was hacked this morning. i woke up and the server was down and there was this script in the root named news.php that had a shell exploit in it....i believe itpulled down the server...but no defacing happened....

codegirl42 · Oct 14, 2006

he logs in as 'nobody'....is there a way to prevent this??

compunet2 · Oct 14, 2006

phpsuexec should stop nobody.

codegirl42 · Oct 15, 2006

compunet2 said:
phpsuexec should stop nobody.

how do i install this?
using: WHM 10.8.0 cPanel 10.9.0-C43

compunet2 · Oct 15, 2006

run /scripts/easyapache and select phpsuexc from there.

codegirl42 · Oct 15, 2006

compunet2 said:
run /scripts/easyapache and select phpsuexc from there.

when i type scripts/easyapache....it does this "buildapache" thing......

compunet2 · Oct 15, 2006

codegirl42 said:
when i type scripts/easyapache....it does this "buildapache" thing......

Yes, its in the buildapache menu's.... either on the main or under the php options (I can't remember). If you've never ran buildapache before, you may want your sysadmin to do it, so nothing gets damaged during the process.

codegirl42 · Oct 15, 2006

had someone recompile apache with phpsuexec...now id ont know what to do with it...lol

codegirl42 · Oct 15, 2006

good ****! thank you!

compunet2 · Oct 15, 2006

codegirl42 said:
had someone recompile apache with phpsuexec...now id ont know what to do with it...lol

There should be nothing else to do... all php scripts should run as the user, instead of nobody now.

Murtaza_t · Oct 15, 2006

codegirl42 said:
he logs in as 'nobody'....is there a way to prevent this??

PhpSuexe will definately stop nobody but that does not mean that your may not get rooted again and it is not the solution to your problem. Since you have a script with nobody that says that it was uploaded on your server using a PHP code through browser. So you should get your cPanel updated as well as insert some tight mod_security rules that will minimize the threath from browser atleast.

Also you may face 500 errors on many php sites. You may find the solution by searching the forums.

Thread starter	Similar threads	Forum	Replies	Date
	SOLVED looking in /opt I see ai-bolit - but I cannot access that directory via root access of my server?	Security	7	Apr 17, 2022
A	Origin of a root access	Security	7	May 19, 2021
K	My WHM/cpanel account hacked? No access to root	Security	10	Mar 15, 2021
	SSH access for a non root user	Security	2	Aug 10, 2020
M	Disable root SSH access	Security	7	Jun 6, 2020

Search

Search

Root Access?

Skyline_GTR

Member

Johnpg82

Member

codegirl42

Well-Known Member

codegirl42

Well-Known Member

compunet2

Well-Known Member

codegirl42

Well-Known Member

compunet2

Well-Known Member

codegirl42

Well-Known Member

compunet2

Well-Known Member

codegirl42

Well-Known Member

codegirl42

Well-Known Member

compunet2

Well-Known Member

Murtaza_t

Well-Known Member