Security Hole --- /usr/local/flash/

Discussion in 'Security' started by linuxmav, Dec 28, 2004.

  1. linuxmav

    Are cPanel servers supposed to have a dir '/usr/local/flash/'?

    I noticed it today and the permissions are 777 and it is owned by a uid with no associated username. I had a few other people check theirs and it exists on multiple cPanel servers. Anyone else see this?
     
  2. jeremyk

    I don't have that dir on my cpanel server.
     
  3. dgbaker

    That is there if the --with-swf=/usr/local/flash switch was used when updating/installing PHP.
     
  4. ntfx

    Your own fault mate, I don't have it.
     
  5. linuxmav

    My own fault?? Actually cPanel's latest buildapache made the directory vulnerable with the flash option on, but thanks for playing. I contacted cPanel and they corrected it in their new build. So update if you had flash built in.
     
    #5 linuxmav, Dec 28, 2004
    Last edited: Dec 28, 2004
  6. Snowman30

    I have flash enabled on all my servers, but on one it's a continual security problem with eggdrops constantly being loaded.

    I've done sysups and recompiled PHP and Apache but it's still a problem. Can anyone advise how I can fix this?
     
  7. linuxmav

    You need to remove the flash dir and then recompile php.

    rm -Rf /usr/local/flash
    /scripts/easyapache
     
  8. chirpy

    Yup, just one of many you should be looking out for, including:

    /tmp (obviously)
    /var/tmp/
    /usr/tmp/
    /usr/local/apache/proxy/
    /var/log/*/

    Ultimately, you should be securing the server to prevent the exploits getting in there in the first place.
     
  9. sigep739

    Do you really recommend me removing it and recompiling Apache? I have this directory too, the UID is 103 and the group is wheel, with permission of 777.

    What would recompiling Apache do to help? Wouldn't that just recreate the directory? Can't I just give it a username?
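
Added example (not part of the original thread and not cPanel's own tooling): a read-only shell check for the two conditions reported in this thread, a world-writable directory without the sticky bit and an owner UID with no passwd entry, run over the paths named in the posts above. It assumes a `find` that supports `-maxdepth` (GNU or BSD); the function names and output labels are made up for illustration.

```shell
#!/bin/sh
# Added example: audit the directories named in the thread. Read-only; changes nothing.

# Paths taken from the posts above. /var/log/*/ is left unquoted on purpose
# so the shell expands it to each log subdirectory.
AUDIT_PATHS="/usr/local/flash /tmp /var/tmp /usr/tmp /usr/local/apache/proxy /var/log/*/"

# check_dir DIR
# Prints one finding per line; prints nothing if DIR is missing or clean.
check_dir() {
    d=$1
    [ -d "$d" ] || return 0

    # o+w without the sticky bit (e.g. mode 777): any local account, including
    # the web server user, can create, rename or delete entries here.
    # Mode 1777, as normally used for /tmp, is not flagged by this test.
    if [ -n "$(find "$d" -maxdepth 0 -type d -perm -0002 ! -perm -1000)" ]; then
        echo "WORLD_WRITABLE_NO_STICKY $d"
    fi

    # Owner UID has no passwd entry (the "uid with no associated username"
    # case). A later useradd that is assigned this UID would inherit the directory.
    if [ -n "$(find "$d" -maxdepth 0 -nouser)" ]; then
        echo "ORPHAN_OWNER $d"
    fi
}

# audit_all: run check_dir over every configured path.
audit_all() {
    for p in $AUDIT_PATHS; do
        check_dir "$p"
    done
}

audit_all
```

A directory that shows both labels matches what was reported for /usr/local/flash in this thread.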
     