The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Security Hole --- /usr/local/flash/

Discussion in 'Security' started by linuxmav, Dec 28, 2004.

  1. linuxmav

    linuxmav Member

    Joined:
    Mar 31, 2004
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    151
    Are cpanel servers supposed to have a dir ' /usr/local/flash/'

    I noticed it today and the permissions are 777 and owned by a uid with no associated username. I had a few other people check theirs and it exist on multiple cpanel servers. Anyone else see this ?
     
  2. jeremyk

    jeremyk Registered

    Joined:
    Feb 4, 2004
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    151
    I don't have that dir on my cpanel server.
     
  3. dgbaker

    dgbaker Well-Known Member
    PartnerNOC

    Joined:
    Sep 20, 2002
    Messages:
    2,578
    Likes Received:
    3
    Trophy Points:
    193
    Location:
    Toronto, Ontario Canada
    cPanel Access Level:
    DataCenter Provider
    That is there if the --with-swf=/usr/local/flash switch was used when updating/installing PHP.
     
  4. ntfx

    ntfx Member

    Joined:
    Sep 25, 2004
    Messages:
    23
    Likes Received:
    0
    Trophy Points:
    151
    your own fault mate, i dont have it
     
  5. linuxmav

    linuxmav Member

    Joined:
    Mar 31, 2004
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    151
    my own fault ?? Actually cpanel's lastest buildapache made the directory vulnerable with the flash option on, but thanks for playing. I contacted cpanel and they corrected it in their new build. So update if you had flash built in.
     
    #5 linuxmav, Dec 28, 2004
    Last edited: Dec 28, 2004
  6. Snowman30

    Snowman30 Well-Known Member
    PartnerNOC

    Joined:
    Apr 7, 2002
    Messages:
    681
    Likes Received:
    0
    Trophy Points:
    316
    cPanel Access Level:
    DataCenter Provider
    I have flash enabled on all my servers, but on one its a continual security problem with eggdrops constantly being loaded.

    Ive done sysup's and recompiled PHP and ap[ache but its still a problem can anyone advise how i can fix thi?
     
  7. linuxmav

    linuxmav Member

    Joined:
    Mar 31, 2004
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    151
    You need to remove the flash dir and then recompile php.

    rm -Rf /usr/local/flash
    /scripts/easyapache
     
  8. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,472
    Likes Received:
    20
    Trophy Points:
    463
    Location:
    Go on, have a guess
    Yup, just one of many you should be looking out for, including:

    /tmp (obviously)
    /var/tmp/
    /usr/tmp/
    /usr/local/apache/proxy/
    /var/log/*/

    Unltimately, you should be securing the server to prevent the exploits getting in there in the first place.
     
  9. sigep739

    sigep739 Well-Known Member

    Joined:
    Feb 16, 2004
    Messages:
    79
    Likes Received:
    0
    Trophy Points:
    156
    do you really recommend me removing it an recompiling apache? i have this directory too, the UID is 103 and the group is wheel.. with permission of 777.

    What would recompiling apache do to help? Wouldnt that just recreate the directory? Cant I just give it a username?
     
Loading...

Share This Page