The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Vulnerabilities in the folders

Discussion in 'General Discussion' started by sreevishnu, Jun 27, 2004.

  1. sreevishnu

    sreevishnu Member

    Joined:
    Aug 18, 2003
    Messages:
    23
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    india
    Hello,

    We have experienced several DOS attacks due to the scripts that are uploaded to certain Cpanel folders like /var/mail, /var/cpanel/Count, /usr/local/apache/proxy , etc .

    Could anyone suggest any method to secure these folders, so that no scripts are uploaded to them?

    Regards,
    Sree
     
  2. poornam

    poornam Registered

    Joined:
    May 23, 2004
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    drwxr-xr-x 11 nobody nobody 4096 Jan 22 2003 psybnc/
    -rw-r--r-- 1 nobody nobody 584249 Jun 21 20:30 psybnc.tar.gz
    -rwxrwxrwx 1 nobody nobody 27353 Jun 27 00:41 pam*
    -rwxr-xr-x 1 nobody nobody 31061 Jun 27 17:59 fox*
    -rw-r--r-- 1 nobody nobody 22536 Jun 27 17:59 fox.c
    -rwxr-xr-x 1 nobody nobody 13948 Jun 22 18:13 dos6*
    -rw-r--r-- 1 nobody nobody 2816 Jun 22 18:12 dos6.c
    -rw-r--r-- 1 nobody nobody 27353 Jun 24 21:48 cop.1
    -rw-r--r-- 1 nobody nobody 27353 Jun 24 21:48 cop.2
    -rwxrwxrwx 1 nobody nobody 54706 Jun 24 21:46 coper*
    -rwxrwxrwx 1 nobody nobody 27355 Jun 26 02:44 sp*
    -rwxrwxrwx 1 nobody nobody 572 Jun 27 20:30 st*
    -rw-r--r-- 1 nobody nobody 13399 Jan 30 17:04 st.1
    -rwxrwxrwx 1 nobody nobody 14655 Jun 26 01:03 vad*
    -rw-r--r-- 1 nobody nobody 14655 Dec 25 2003 vad.1
    -rwxrwxrwx 1 nobody nobody 14655 Jun 20 01:41 vadim*


    These are some of the files I find in /var/mail and /var/spool/mail

    Any help on what we can do about this..cpanel is getting ridiculously buggy :-/
     
  3. LP-Trel

    LP-Trel Well-Known Member

    Joined:
    Oct 13, 2003
    Messages:
    184
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Nirvana
    You may have been rooted.

    I would get that server looked at by a security expert ASAP.
     
  4. ramprage

    ramprage Well-Known Member

    Joined:
    Jul 21, 2002
    Messages:
    667
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Canada
    Sree,

    The folders you metioned are not accessible unless the user has broken out of their account or taken control of your server. Hire a server administrator ASAP to look at your machine.
     
Loading...

Share This Page