The Community Forums


URGENT Exploit - Act accordingly

Discussion in 'General Discussion' started by TheDood, Dec 7, 2004.

  1. TheDood

    TheDood Member

    To all system admins that are running cPanel, listen carefully.

    I wish this post could be about better things than this.
    Recently an exploit in cPanel was used on one of my hosting servers
    (www.p42hosting.com). There was a script loaded that continuously
    downloaded files and clogged up our outgoing email system.
    What I found that is happening is the script will download the file called
    "bindtty", this file then downloads "vadim.c" from the same location
    and compiles it on the affected server and injects 500+ spam messages
    per second into the local server's outgoing SMTP connection. We have
    disabled our outgoing email for the time being until we can get rid of
    it. If you see any malicious activity please do what you need to do to the account holder of these files so this is stopped.

    Thank you for your time and I hope you can stop this from becoming a larger problem.

    Here is some more information that you may research.

    I'm glad the outgoing mail was the ONLY thing they did to my server, it could have been worse.
     
  2. cPanelBilly

    cPanelBilly Guest

    Please note this is NOT a cPanel exploit. This is a webhosting exploit and you should have an admin secure your server.
     
  3. TheDood

    TheDood Member

    Okay, whoever gets stumped on this, I have a solution for you: go into your php.ini and change your Global Vars to Off.
     
  4. chirpy

    chirpy Well-Known Member

    That's just hiding the problem. As Billy said, it's a bug in one of your PHP/CGI scripts that needs fixing.
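
A triage sketch for the infection described in the first post, added here as an example and not part of any post in this thread: it walks temp directories for the two file names TheDood reports, plus compiled ELF binaries and C sources, and returns each file's owner UID as a lead toward the script that wrote it. Only `bindtty` and `vadim.c` come from the thread; the directory list and the ELF and C-source heuristics are assumptions.

```python
import os
import stat

# The only indicators taken from the thread: names given in the first post.
REPORTED_NAMES = {"bindtty", "vadim.c"}
# Assumed scan roots (not from the thread): common world-writable directories.
DEFAULT_ROOTS = ["/tmp", "/var/tmp", "/dev/shm"]
ELF_MAGIC = b"\x7fELF"


def classify(path, name):
    """Return a reason string if the file looks suspicious, else None."""
    if name in REPORTED_NAMES:
        return "reported-name"
    try:
        with open(path, "rb") as fh:
            if fh.read(4) == ELF_MAGIC:
                return "elf-in-temp"      # compiled binary in a temp dir
    except OSError:
        return None                       # unreadable: skip, do not crash
    if name.endswith(".c"):
        return "c-source-in-temp"         # source dropped for local compile
    return None


def scan(roots=DEFAULT_ROOTS):
    """Walk roots and return sorted (reason, path, owner_uid) tuples."""
    findings = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root, followlinks=False):
            for name in files:
                path = os.path.join(dirpath, name)
                try:
                    st = os.lstat(path)
                except OSError:
                    continue              # file vanished mid-scan
                if not stat.S_ISREG(st.st_mode):
                    continue              # ignore symlinks, sockets, FIFOs
                reason = classify(path, name)
                if reason:
                    findings.append((reason, path, st.st_uid))
    return sorted(findings)


if __name__ == "__main__":
    for reason, path, uid in scan():
        print(f"{reason}\tuid={uid}\t{path}")
```

A hit only shows where the payload landed; as the replies above say, the vulnerable PHP/CGI script still has to be found and fixed.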
     
