The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

wget abuse / hack

Discussion in 'Security' started by ukhost4u, Apr 22, 2013.

  1. ukhost4u

    ukhost4u Active Member
    PartnerNOC

    Joined:
    Apr 24, 2003
    Messages:
    42
    Likes Received:
    0
    Trophy Points:
    6
    Hello.

    We are currently having problems on a number of server's with the WGET command. What seems to be happening is a hacked script is being called on a customers web site (Normally a wordpress or Joomla site) and its calling the wget command and opening thousands of WGET processes.

    This is then causing our server to max out its port speed and make it unresponsive. The issue I am having is that the request only seems to last for a couple of mins, so by the time we get access to the server the command is gone and the problem has stopped.

    Has anyone else had this problem and if so how have you worked around this? As this has effected a couple of our cPanel servers I don't think this will be limited to us.

    Any help would be great as Mod Security and CSF are doing nothing for this.
     
  2. arunsv84

    arunsv84 Well-Known Member

    Joined:
    Oct 20, 2008
    Messages:
    373
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    127.0.0.1
    cPanel Access Level:
    Root Administrator
    As a temporary workaround can you try removing wget from server ?
     
  3. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    chmod 700 /usr/bin/wget
     

Share This Page