Hacking attempt

Discussion in 'General' started by oddo, Jun 12, 2009.

  1. oddo

    oddo New Member



    he copied on the server http://www.wdiet.co.kr/include/tusuk.jpg
    Pararunten Juragan 
    Ngiring Raos SakediK
    User Info: uid=() euid=() gid=()
    Current Path:
    Permission Directory:
    Server Services:
    Server Address:
    Script Current User:
    PHP Version:
    and run a perl script on the server

    What damage did to the server:
    - delete some "/logs/error.log"
    - broke several databases

    What should I need to do to protect the server?


    Attached Files:

  2. till

    till Super Moderator Staff Member ISPConfig Developer

    1) Check your server with rkhunter.
    2) Make sure that all available updates had been installed on the server.
    3) Which system user owned this perl script?
    4) If you have roundcube installed on your server, e.g. as ispconfig addon, make sure that you update it to the latest available release.

    Some general things:

    - Enable php safemode when ever possible for a website that uses php
    - Keep your cms systems that you installed in the wesbites up to date. mayn hacking attempts come trough vulnerable cs systems or extensions e.g. for joomla.
  3. oddo

    oddo New Member

    thank you till for your response

    1) the server was ok after checking with rkhunter
    2) not all updates were installed, now is up to date
    3) a user on a site which was installed joomla with module sobi2
    4) yes it was installed, but not as addon, and was not updated to the latest version

    yes is easy, i can activate the option safemode for every website

    but how to limit the effects of cms & extensions that are not updated, I can not update them, each developer needs to update his software

    how to limit scripts outsite web/

  4. till

    till Super Moderator Staff Member ISPConfig Developer

    enable php safemode.
  5. oddo

    oddo New Member

    if i enable php safemode
    perl scripts will also be limited to "web" ?
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    No, thats only for php scripts. Perl scripts can not be limited like this, but if you enable suexec the perl scripts are run by the website user and not the apache user.

Share This Page