The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

urgent help wanted

Discussion in 'Security' started by ghaidaa, Jul 11, 2008.

  1. ghaidaa

    ghaidaa Member

    Joined:
    Oct 26, 2007
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    51
    hello
    i keep finding this page all of my clients especially those who have vBulletin forums

    a picture attached to this thread please check and inform me how to prevent these files from being uploaded to my server
    the picture is in arabic but i think it is clear
    it has most on SSH commands
     

    Attached Files:

    #1 ghaidaa, Jul 11, 2008
  2. sirotex

    sirotex Well-Known Member

    Joined:
    Jul 10, 2008
    Messages:
    121
    Likes Received:
    0
    Trophy Points:
    66
    Hello,

    You what?

    This is nothing to do with CPanel..
     
    #2 sirotex, Jul 11, 2008
  3. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    15,420
    Likes Received:
    285
    Trophy Points:
    433
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    This does not look good. Especially if you're finding it all over.

    Personally I'd lock down any account I found that on and then start worrying that my entire server was compromised. At the very least you have some sort of script that has been compromised, surely.

    Moving to apache2.x with suphp and mod_security would help some, making sure every single script (vbulletin, Joomla, *.nuke and so on) are up to date or locked down, would help as well.

    Don't ignore this.
     
    #3 Infopro, Jul 11, 2008
  4. sirotex

    sirotex Well-Known Member

    Joined:
    Jul 10, 2008
    Messages:
    121
    Likes Received:
    0
    Trophy Points:
    66
    It still isn't a CPanel issue, talk to Vbulletin about it..

    Also, it is _probably_ a vbulletin module, if you ask Vbulletin they will tell you.

    I don't see how this is a "security risk", seen as it is indeed in the Admin Panel..

    Are you out just to cause worry?
     
    #4 sirotex, Jul 11, 2008
    Last edited: Jul 11, 2008
  5. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    15,420
    Likes Received:
    285
    Trophy Points:
    433
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    If you don't recognize it, you'll just have to trust me that that image posted above is not a vbulletin module and is not safe to have on your server.
     
    #5 Infopro, Jul 12, 2008
  6. proclan

    proclan Member

    Joined:
    Sep 15, 2006
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    151
    I've seen that hack in English and it's usually used on php sites like nuke. They normally use it to upload scripts to the hacked account. It's not a server hack. But I cant remember the name of it. I would also check all of the folders on that account for any unusual files and folders and remove them. Then tell the client to update any software they are using.
     
    #6 proclan, Jul 12, 2008
  7. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    Joined:
    May 29, 2004
    Messages:
    2,222
    Likes Received:
    3
    Trophy Points:
    193
    Location:
    Minneapolis, MN
    From the image attached to your posting, it looks like a phpshell script such as c99 or r57. Make sure your server is not compromised.

    HowTo secure vBulletin from being hacked: http://servertune.com/kbase/entry/339/
     
    #7 AndyReed, Jul 12, 2008
  8. ghaidaa

    ghaidaa Member

    Joined:
    Oct 26, 2007
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    51
    thank you verymuch for your help
    i know its not a Cpanel issue or a VBulletin script but i thoghut i could find help in a trusted place and I did
    yes its true the picture shows a shell called C99 and it is the same as C75

    i found somthing today that can prevent uploading that kind of shell to the VB
    its called "CrackerTracker" you can download it from here
    www.traidnt.net/vb/attachment.php?attachmentid=108055&d=1171067073
    and more info at
    CrackerTracker - A Protection System from http://www.cback.de
    i sent an email to all my clients to update their forums and scripts and asked them to use the hack
    i will try it and inform you later
    i accept more assistance ;)
     
    #8 ghaidaa, Jul 12, 2008
    Last edited by a moderator: Jul 13, 2008
(You must log in or sign up to post here.)
Loading...
Similar Threads - urgent help wanted
  1. Abdi

    Help to get started with cPanel

    Abdi, Jun 19, 2017, in forum: General Discussion
    Replies:
    1
    Views:
    29
    cPanelMichael
    Jun 20, 2017 at 8:48 AM
  2. Spork Schivago

    Help securing rpcbind

    Spork Schivago, Jun 14, 2017, in forum: Security
    Replies:
    4
    Views:
    52
    Spork Schivago
    Jun 14, 2017
  3. itmonitor

    Help with customised logo cPanel + Webmail

    itmonitor, Jun 9, 2017, in forum: Workarounds and Optimization
    Replies:
    7
    Views:
    83
    Infopro
    Jun 9, 2017
  4. mmarhama

    Need help optimising my.cnf Mysql

    mmarhama, Jun 1, 2017, in forum: Workarounds and Optimization
    Replies:
    5
    Views:
    201
    cPanelMichael
    Jun 5, 2017
  5. lonsg

    Help with root crons and maybe more issues

    lonsg, May 31, 2017, in forum: General Discussion
    Replies:
    10
    Views:
    103
    Infopro
    Jun 3, 2017

Share This Page