Thread: Security issue
5th November 2008, 13:04
bernholdt

Well, it seems like I was lucky this time, phew.

It was uploaded inside a phpBB forum and the file was called r57shell021321610~ with no php extension, so the uploader hasn't been able to execute the script. I ran several malware and trojan scans and they all went home free.

As I wrote, I tested it on my home test server and tried to run some of the commands from the script, but it couldn't get permission to execute any commands, so it seems that ISPConfig is very secure against these kinda scripts.

Output of the Apache error log:
Quote:
find: /proc/19795/task/19795/fd: Permission denied
find: /proc/19795/fd: Permission denied
find: /proc/19796/task/19796/fd: Permission denied
find: /proc/19796/fd: Permission denied
find: /proc/19797/task/19797/fd: Permission denied
find: /proc/19797/fd: Permission denied
find: /var/run/exim4: Permission denied
find: /var/log/mysql: Permission denied
find: /var/log/munin: Permission denied
find: /var/log/exim4: Permission denied
find: /var/lib/mysql/web32db1: Permission denied
find: /var/lib/mysql/web16db4: Permission denied
find: /var/lib/mysql/web16db3: Permission denied
find: /var/lib/mysql/web5db4: Permission denied
find: /var/spool/postfix/saved: Permission denied
find: /var/spool/postfix/hold: Permission denied
find: /var/spool/postfix/maildrop: Permission denied
find: /var/spool/postfix/corrupt: Permission denied
find: /var/spool/postfix/incoming: Permission denied
find: /var/spool/postfix/defer: Permission denied
find: /var/spool/cron/atspool: Permission denied
find: /var/www/web11/user/web11_admin/Maildir: Permission denied
find: /var/www/web27/user/web27_admin/Maildir: Permission denied
And so it keeps on.

On the other hand, if I enable Shell from within ISPConfig, the script takes over and lets the user do almost anything.
__________________
www.gamebook.me
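One way to spot the filesystem walk shown in the quoted error log, as an added example that is not part of the original post: it counts `find: ... Permission denied` lines per filesystem area and per site root. The function names and thresholds are assumptions, and the benign sample is constructed.

```python
import re
from collections import Counter

# find(1) writes these to stderr; Apache copies them into its error log unprefixed.
FIND_DENIED = re.compile(r"^find: (?P<path>/.*): Permission denied$")
# Per-site roots in the layout visible in the quoted log (/var/www/webNN/...).
SITE_ROOT = re.compile(r"^/var/www/(web\d+)/")

def summarize_find_denials(lines):
    """Count denials per filesystem area and collect the site roots touched."""
    areas, sites = Counter(), set()
    for line in lines:
        m = FIND_DENIED.match(line.strip())
        if not m:
            continue
        path = m.group("path")
        site = SITE_ROOT.match(path)
        if site:
            sites.add(site.group(1))
        parts = path.strip("/").split("/")
        # /proc/<pid>/... collapses to /proc; other paths keep two levels.
        area = "/proc" if parts[0] == "proc" else "/" + "/".join(parts[:2])
        areas[area] += 1
    return areas, sites

def looks_like_enumeration(lines, min_areas=4, min_sites=2):
    """True when one log window shows find probing many unrelated areas
    or more than one customer site (thresholds are assumed, tune locally)."""
    areas, sites = summarize_find_denials(lines)
    return len(areas) >= min_areas or len(sites) >= min_sites

# Excerpt of the error log quoted in the post.
POST_EXCERPT = """find: /proc/19795/task/19795/fd: Permission denied
find: /proc/19795/fd: Permission denied
find: /var/run/exim4: Permission denied
find: /var/log/mysql: Permission denied
find: /var/lib/mysql/web32db1: Permission denied
find: /var/spool/postfix/saved: Permission denied
find: /var/www/web11/user/web11_admin/Maildir: Permission denied
find: /var/www/web27/user/web27_admin/Maildir: Permission denied""".splitlines()

# Constructed sample: an ordinary error line plus one isolated denial.
BENIGN = ["[error] [client 192.0.2.10] File does not exist: /var/www/web11/web/favicon.ico",
          "find: /var/www/web11/web/cache/tmp: Permission denied"]

if __name__ == "__main__":
    areas, sites = summarize_find_denials(POST_EXCERPT)
    print(dict(areas), sorted(sites), looks_like_enumeration(POST_EXCERPT))
```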