Server Attack, every day, help:(

Discussion in 'General Discussion' started by x-man, Jul 16, 2004.

  1. x-man

    Hello,
    Every day somebody attacks my server, puts some files in my /var/tmp and /tmp/ directories and executes them (on my server I have cPanel/WHM). I searched the logs (usr/local/apache/domlogs and var/log) for how he does that but I can't find it. The only thing I found today in domlogs is this code. What is it, and can he do that with this code? How can I protect my server if he does that with this code? (The code is in the file that I attached to this post.)

    Please somebody help me...this is big problem for me.
    Thanks!
     

    Attached Files: log.txt (File size: 32.8 KB)
  2. jester.ro

    That's not it.
    That is some worm trying to hack IIS (Windows web server).
    You have Apache, no worries there.


    You should search this forum about securing your /tmp.
    It's probably one of your clients that does it.
     
  3. x-man

    Yes, Linux/Apache... but I can't find how he does that... I searched in all my logs and nothing...
    Also, I have secured TMP (var/tmp and tmp)...
    Also, I have disabled compilers...

    But all of this doesn't help!

    One more thing, THAT IS MY SITE, he creates those files and runs them every time on one of my sites (in processes I can see that, my username)...

    But I don't understand how, how come I can't find that in the logs...
    Where must I search more?

    Please help me...

    Thanks

    SORRY IF MY ENGLISH IS BAD!
     
  4. ISNScott

  5. x-man

    Yes, safe mode is enabled on my server...
    How can I disable "all shell calls"?
     
    #5 x-man, Jul 16, 2004
    Last edited: Jul 16, 2004
  6. networxhosting

    You would need

    disable_functions = system exec passthru

    In your php.ini
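
An added example, not part of the original thread: a Python check that reads a php.ini and lists which process-spawning PHP functions are still callable after a `disable_functions` line like the one above. It goes beyond the three functions named in the post by also checking `shell_exec`, `popen`, `proc_open` and `pcntl_exec`; the `SAMPLE_INI` text is constructed and the helper names are hypothetical.

```python
import re

# PHP functions that start an external process. The first three are the ones
# named in the post; the remaining four are added here for completeness.
SHELL_FUNCS = ("system", "exec", "passthru",
               "shell_exec", "popen", "proc_open", "pcntl_exec")

# Constructed sample, not the poster's real php.ini.
SAMPLE_INI = """\
; constructed sample configuration
safe_mode = On
;disable_functions = system,exec,passthru,shell_exec
disable_functions = system exec passthru
"""


def disabled_functions(ini_text):
    """Return the function names listed by the effective disable_functions line."""
    value = ""
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0].strip()      # drop ';' comments
        m = re.match(r"disable_functions\s*=\s*(.*)$", line)
        if m:
            value = m.group(1).strip().strip('"')  # a later line overrides an earlier one
    # Names may be separated by commas, spaces, or both.
    return {name for name in re.split(r"[,\s]+", value) if name}


def still_callable(ini_text):
    """Return the process-spawning functions the configuration leaves enabled."""
    off = disabled_functions(ini_text)
    return [f for f in SHELL_FUNCS if f not in off]


if __name__ == "__main__":
    remaining = still_callable(SAMPLE_INI)
    if remaining:
        print("still callable:", ", ".join(remaining))
    else:
        print("all listed process-spawning functions are disabled")
```

To check a live server, pass the contents of the php.ini that `php --ini` reports as loaded to `still_callable()`, then restart Apache after editing the file so the change takes effect.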
     