Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

urgent help wanted

Discussion in 'Security' started by ghaidaa, Jul 11, 2008.

  1. ghaidaa

    ghaidaa Member

    Joined:
    Oct 26, 2007
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    51
    hello
    i keep finding this page all of my clients especially those who have vBulletin forums

    a picture attached to this thread please check and inform me how to prevent these files from being uploaded to my server
    the picture is in arabic but i think it is clear
    it has most on SSH commands
     

    Attached Files:

    #1 ghaidaa, Jul 11, 2008
  2. sirotex

    sirotex Well-Known Member

    Joined:
    Jul 10, 2008
    Messages:
    121
    Likes Received:
    0
    Trophy Points:
    66
    Hello,

    You what?

    This is nothing to do with CPanel..
     
    #2 sirotex, Jul 11, 2008
  3. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,309
    Likes Received:
    393
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    This does not look good. Especially if you're finding it all over.

    Personally I'd lock down any account I found that on and then start worrying that my entire server was compromised. At the very least you have some sort of script that has been compromised, surely.

    Moving to apache2.x with suphp and mod_security would help some, making sure every single script (vbulletin, Joomla, *.nuke and so on) are up to date or locked down, would help as well.

    Don't ignore this.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #3 Infopro, Jul 11, 2008
  4. sirotex

    sirotex Well-Known Member

    Joined:
    Jul 10, 2008
    Messages:
    121
    Likes Received:
    0
    Trophy Points:
    66
    It still isn't a CPanel issue, talk to Vbulletin about it..

    Also, it is _probably_ a vbulletin module, if you ask Vbulletin they will tell you.

    I don't see how this is a "security risk", seen as it is indeed in the Admin Panel..

    Are you out just to cause worry?
     
    #4 sirotex, Jul 11, 2008
    Last edited: Jul 11, 2008
  5. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,309
    Likes Received:
    393
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    If you don't recognize it, you'll just have to trust me that that image posted above is not a vbulletin module and is not safe to have on your server.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #5 Infopro, Jul 12, 2008
  6. proclan

    proclan Member

    Joined:
    Sep 15, 2006
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    151
    I've seen that hack in English and it's usually used on php sites like nuke. They normally use it to upload scripts to the hacked account. It's not a server hack. But I cant remember the name of it. I would also check all of the folders on that account for any unusual files and folders and remove them. Then tell the client to update any software they are using.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #6 proclan, Jul 12, 2008
  7. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    Joined:
    May 29, 2004
    Messages:
    2,222
    Likes Received:
    4
    Trophy Points:
    193
    Location:
    Minneapolis, MN
    From the image attached to your posting, it looks like a phpshell script such as c99 or r57. Make sure your server is not compromised.

    HowTo secure vBulletin from being hacked: http://servertune.com/kbase/entry/339/
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #7 AndyReed, Jul 12, 2008
  8. ghaidaa

    ghaidaa Member

    Joined:
    Oct 26, 2007
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    51
    thank you verymuch for your help
    i know its not a Cpanel issue or a VBulletin script but i thoghut i could find help in a trusted place and I did
    yes its true the picture shows a shell called C99 and it is the same as C75

    i found somthing today that can prevent uploading that kind of shell to the VB
    its called "CrackerTracker" you can download it from here
    www.traidnt.net/vb/attachment.php?attachmentid=108055&d=1171067073
    and more info at
    CrackerTracker - A Protection System from http://www.cback.de
    i sent an email to all my clients to update their forums and scripts and asked them to use the hack
    i will try it and inform you later
    i accept more assistance ;)
     
    #8 ghaidaa, Jul 12, 2008
    Last edited by a moderator: Jul 13, 2008
(You must log in or sign up to post here.)
Loading...
Similar Threads - urgent help wanted
  1. segun_nira

    Urgent need to Recover mistakenly deleted files

    segun_nira, Jul 24, 2017, in forum: E-mail Discussion
    Replies:
    7
    Views:
    890
    24x7server
    Jul 25, 2017
  2. cPanelBenny

    Urgent DCV Updates

    cPanelBenny, Jul 10, 2017, in forum: cPanel Announcements
    Replies:
    3
    Views:
    5,053
    linux4me2
    Jul 20, 2017
  3. Spasso

    PHP Startup: Unable to load dynamic library error [help]

    Spasso, Aug 15, 2018 at 5:22 PM, in forum: General Discussion
    Replies:
    1
    Views:
    27
    cPanelMichael
    Aug 16, 2018 at 11:34 AM
  4. KFoe

    SOLVED Cpanel University is there a chat or group I can join for help?

    KFoe, Jul 8, 2018, in forum: General Discussion
    Replies:
    3
    Views:
    110
    cPanelLauren
    Jul 9, 2018
  5. xanadu

    Problem with Auto SSL that I need help in solving please

    xanadu, Jul 6, 2018, in forum: Security
    Replies:
    1
    Views:
    421
    cPanelLauren
    Jul 9, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice