Security Hole?

Discussion in 'Security' started by deadend, Dec 31, 2007.

  1. deadend

    deadend Active Member

    Hi Guys,

    I was in the process of removing an individual from one of our dedicated web servers and, in the process, I came across a file in his folder; there were two PHP files that contained our root login password for that web server.

    I have been trying to figure out how he was able to come up with a random 15+ digit password for this server. This individual was also only recently moved via CP move from another one of our web servers to this one.

    Has anyone come across something like this? We have saved his entire contents and setup in case they need to be investigated, but I am afraid we may have a security hole in either our setup or in cPanel itself.

    We are running the latest cPanel 11 stable build on CentOS 5. It is a quite generic setup beyond running a firewall and Roundcube webmail. We also have security in place for SSH, where it can only be accessed via our key and passphrase.

    Contents of File #1 (Config.php)
    <?php
    //certain variables required for setup
    $siteurl="http://gamescoper.byethost13.com";
    $title="GameScoper";// Site name
    $host="sql2.byethost13.com"; // Host name
    gscopername="b13_1018059"; // Mysql username
    xxxxxxxxxxxx="969696"; // Mysql password
    $db_name="b13_1018059_gamescoper"; // Database name
    ?>

    Contents of File #2 (Connector.php)
    <?php
    // Connect to server and select database.
    mysql_connect("$host", "gscopername", "xxxxxxxxxxx")or die("cannot connect");
    mysql_select_db("$db_name")or die("cannot select DB");
    ?>

    Note: The XXXX represent the root password and we are not byethost13.com.

    Any help would be appreciated guys, thanks!

    Added: One other note guys, the root password for MySQL and the server are different. He came up with the root password to the server, not MySQL.
     
    #1 deadend, Dec 31, 2007
    Last edited: Dec 31, 2007
  2. deadend

    deadend Active Member

    Hi Guys,

    Seems this issue may be a little on the large side. I have the account suspended, yet the files are changing. I changed the root password and the files are now showing the new root password to this server.

    To add more information, I am using the File Manager built into cPanel and using the view option to view the contents of the files I posted above. I am wondering if it is possible that the code is written in such a way that it is interacting with either my cookies or the File Manager and showing the password, whether it is intentional or not.
     
    #2 deadend, Dec 31, 2007
    Last edited: Dec 31, 2007
  3. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Try viewing the files via an SSH connection. If they don't show the root password, please post what they do display instead.
     
  4. deadend

    deadend Active Member

    Hi Kenneth,

    For Connector.php

    <?php
    // Connect to server and select database.
    mysql_connect("$host", "$username", "$password")or die("cannot connect");
    mysql_select_db("$db_name")or die("cannot select DB");
    ?>

    Config.php

    <?php
    //certain variables required for setup
    $siteurl="http://gamescoper.byethost13.com";
    $title="GameScoper";// Site name
    $host="sql2.byethost13.com"; // Host name
    $username="b13_1018059"; // Mysql username
    $password="696969"; // Mysql password
    $db_name="b13_1018059_gamescoper"; // Database name
    ?>

    Looks like it is only a bug with the file manager, had me a little worried last night.
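
Added example, not part of the thread and not cPanel code: a hypothetical viewer that expands its own session tokens inside file content reproduces the "gscopername" line posted above, next to a viewer that treats the file as data and a check that compares the rendered view with the on-disk bytes. The thread does not say how the File Manager produced its output; the substitution mechanism, the session user "gscoper" (inferred from "gscopername") and the placeholder password are assumptions.

```python
import html

# Constructed sample: the Connector.php line as it reads on disk (the SSH view).
ON_DISK = 'mysql_connect("$host", "$username", "$password")or die("cannot connect");'

# Assumed session values of the person using the viewer (placeholders, not real data).
SESSION = {"user": "gscoper", "password": "ROOT-PASSWORD-PLACEHOLDER"}


def render_buggy(raw: str, session: dict) -> str:
    """Hypothetical viewer that runs its own token expansion over file content."""
    out = raw.replace("$password", session["password"])
    # A plain prefix replace also rewrites "$username" into "<user>name".
    return out.replace("$user", session["user"])


def render_safe(raw: str) -> str:
    """Treat file content as data: escape it for HTML and expand nothing."""
    return html.escape(raw, quote=False)


def leaked_session_keys(rendered: str, raw: str, session: dict) -> list:
    """Session keys whose values appear in the rendered view but not on disk."""
    return [k for k, v in session.items() if v in rendered and v not in raw]


if __name__ == "__main__":
    shown = render_buggy(ON_DISK, SESSION)
    print(shown)
    print("injected by the viewer:", leaked_session_keys(shown, ON_DISK, SESSION))
    print("safe view leaks:", leaked_session_keys(render_safe(ON_DISK), ON_DISK, SESSION))
```

A non-empty result from `leaked_session_keys` means the secret was introduced by the display layer for the logged-in viewer, which is the distinction the SSH comparison in this thread established.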
     