The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Server Attack, every day, help:(

Discussion in 'General Discussion' started by x-man, Jul 16, 2004.

  1. x-man

    x-man Well-Known Member

    Joined:
    Jan 25, 2004
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    16
    Hello,
    every day somebody attack my server and put some files in my /var/tmp and /tmp/ directory and execute (on my serevr I have cPanel/WHM), I search in logs (usr/local/apache/domlogs and var/log) how he do that but I can`t find, only what I find today in domlogs is this code, what is this and can he do that with this code, how I can protect my server if he do that with this code (code is in file who I attach in this post)....

    Please somebody help me...this is big problem for me.
    Thanks!
     

    Attached Files:

    • log.txt
      File size:
      32.8 KB
      Views:
      79
  2. jester.ro

    jester.ro Well-Known Member
    PartnerNOC

    Joined:
    Feb 6, 2004
    Messages:
    304
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Bucharest, Romania
    cPanel Access Level:
    DataCenter Provider
    that's not it.
    that is some worm trying to hack IIS(windows webserver).
    you have apache, no worries there.


    you shoud search this forum about securing your /tmp
    it's probably one of your client that does it.
     
  3. x-man

    x-man Well-Known Member

    Joined:
    Jan 25, 2004
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    16
    Yes, Linux/Apache...but I can`t find how he do that....I search in all my logs and nothing...
    Also, I have secure TMP (var/tmp and tmp)...
    Also, I have disabled compilers...

    But all of this don`t help!

    One more thing, THAT IS MY SITE, he create that files and run every time on one of my sites (in processes I can see that, my username)....

    But I don`t understand how, how I can`t find that in logs...
    Where I must search more?

    Please help me...

    Thanks

    SORRY IF MY ENGLISH BAD!
     
  4. ISNScott

    ISNScott Member

    Joined:
    Jul 16, 2004
    Messages:
    21
    Likes Received:
    0
    Trophy Points:
    1
  5. x-man

    x-man Well-Known Member

    Joined:
    Jan 25, 2004
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    16
    yes, safemod is enabled on my server...
    How I can disable "all shell calls"?
     
    #5 x-man, Jul 16, 2004
    Last edited: Jul 16, 2004
  6. networxhosting

    networxhosting Well-Known Member
    PartnerNOC

    Joined:
    Apr 22, 2003
    Messages:
    80
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Hamilton, Ontario, CANADA
    you would need

    disable_functions = system exec passthru

    In your php.ini
     
Loading...

Share This Page