ghaidaa

Member
Oct 26, 2007
5
0
51
hello
i keep finding this page all of my clients especially those who have vBulletin forums

a picture attached to this thread please check and inform me how to prevent these files from being uploaded to my server
the picture is in arabic but i think it is clear
it has most on SSH commands
 

Attachments

sirotex

Well-Known Member
Jul 10, 2008
121
0
66
hello
i keep finding this page all of my clients especially those who have vBulletin forums

a picture attached to this thread please check and inform me how to prevent these files from being uploaded to my server
the picture is in arabic but i think it is clear
it has most on SSH commands
Hello,

You what?

This is nothing to do with CPanel..
 

Infopro

Well-Known Member
May 20, 2003
17,090
519
613
Pennsylvania
cPanel Access Level
Root Administrator
Twitter
hello
i keep finding this page all of my clients especially those who have vBulletin forums

a picture attached to this thread please check and inform me how to prevent these files from being uploaded to my server
the picture is in arabic but i think it is clear
it has most on SSH commands
This does not look good. Especially if you're finding it all over.

Personally I'd lock down any account I found that on and then start worrying that my entire server was compromised. At the very least you have some sort of script that has been compromised, surely.

Moving to apache2.x with suphp and mod_security would help some, making sure every single script (vbulletin, Joomla, *.nuke and so on) are up to date or locked down, would help as well.

Don't ignore this.
 

sirotex

Well-Known Member
Jul 10, 2008
121
0
66
It still isn't a CPanel issue, talk to Vbulletin about it..

Also, it is _probably_ a vbulletin module, if you ask Vbulletin they will tell you.

I don't see how this is a "security risk", seen as it is indeed in the Admin Panel..

Are you out just to cause worry?
 
Last edited:

proclan

Member
Sep 15, 2006
7
0
151
I've seen that hack in English and it's usually used on php sites like nuke. They normally use it to upload scripts to the hacked account. It's not a server hack. But I cant remember the name of it. I would also check all of the folders on that account for any unusual files and folders and remove them. Then tell the client to update any software they are using.
 

AndyReed

Well-Known Member
PartnerNOC
May 29, 2004
2,217
4
193
Minneapolis, MN
i keep finding this page all of my clients especially those who have vBulletin forums

a picture attached to this thread please check and inform me how to prevent these files from being uploaded to my server
From the image attached to your posting, it looks like a phpshell script such as c99 or r57. Make sure your server is not compromised.

HowTo secure vBulletin from being hacked: http://servertune.com/kbase/entry/339/
 

ghaidaa

Member
Oct 26, 2007
5
0
51
thank you verymuch for your help
i know its not a Cpanel issue or a VBulletin script but i thoghut i could find help in a trusted place and I did
yes its true the picture shows a shell called C99 and it is the same as C75

i found somthing today that can prevent uploading that kind of shell to the VB
its called "CrackerTracker" you can download it from here
www.traidnt.net/vb/attachment.php?attachmentid=108055&d=1171067073
and more info at
CrackerTracker - A Protection System from http://www.cback.de
i sent an email to all my clients to update their forums and scripts and asked them to use the hack
i will try it and inform you later
i accept more assistance ;)
 
Last edited by a moderator: