[newmailcgi] Recently Uploaded CGI Scripts On CPanel Server
Dec 11, 2007
Whenever someone uploads or re-uploads to my server a file relating to a CGI script that sends mail, I get an email with something like:
Quote:
Note: If this is the first time you received this mail, it contains the history for the entire month so far.
Below are the recently upload scripts that contain code to send email. You may wish to inspect them to ensure they are not sending out SPAM.
/home/xxxxxxx/public_html/followup/send2.php:106: if($sc == "buchanan") {
/home/xxxxxxx/public_html/followup/send2.php:107: mail($email, $subject, $creative, $headers);
/home/xxxxxxx/public_html/followup/send2.php:108: }
---
/home/xxxxxxx/public_html/followup/send.php:100: if($sc == "buchanan") {
/home/xxxxxxx/public_html/followup/send.php:101: mail($email, $subject, $creative, $headers);
/home/xxxxxxx/public_html/followup/send.php:102: }
---
What steps can I take to actually inspect them to ensure they are not sending out SPAM?
View 2 Replies
ADVERTISEMENT
Oct 1, 2007
Well recently changed a clients site over to our servers.
I trying to help the guy by clearing out most of the unwanted stuff..
I try to delete some addon domains, but they state
"Error from park wrapper: Sorry, I do not believe you control the subdomain for 'domain'.com."
but he does own it.. and its infact in his account... unsure how to alter this, as there isnt any option in whm...
View 5 Replies
View Related
Jun 27, 2009
I am wanting to know if there is a way to stop files being uploaded to my vps, via ftp cpanel etc that are malicious..
I have been told there is a way to do this but i havent been told how..
Basicaly i want to know if there is something where i can add a list of keywords that are in the malicious files and what ever it is will stop them from being uploaded or if they manage to get uploaded onto my vps will it make them not work?
I am looking into this as i had an issue before where someone uploaded a shell onto my server :@ luckily it didnt cause no damage or he didnt get anywhere but i still want to be safe.
View 5 Replies
View Related
Jul 28, 2008
2nd time now server within 24hrs is down, not sure whats happening. Anyone with volumedrive facing same issues, or i am just being unlucky.
Am still awaiting a thorough reply to last nights downtime. If its server issue i need to know and fix it, but if its network issue, i still need to know to decide accordingly the best route. But am right now in a dark and does not help me much !
Sorry had to ask this publicly but its not VD thats losing money its me.
View 10 Replies
View Related
Sep 27, 2007
Now they stated this.. but im totally unsure what it means. If anyone knows. what section is for what... i only see the ip once, that they reported the spam come from 66.79.165.30.
Code:
X-Apparently-To: x via 66.163.179.144; Wed, 26 Sep 2007 11:00:52 -0700
X-Originating-IP: [68.230.241.14]
Authentication-Results: mta175.mail.re2.yahoo.com from=cox.net; domainkeys=neutral (no sig)
Received: from 68.230.241.14 (EHLO fed1rmpop110.cox.net) (68.230.241.14)
by mta175.mail.re2.yahoo.com with SMTP; Wed, 26 Sep 2007 11:00:52 -0700
Received: from fed1rmimpo01.cox.net ([70.169.32.71])
by fed1rmmtao105.cox.net
(InterMail vM.7.08.02.01 201-2186-121-102-20070209) with ESMTP
id <20070926175141.MUBZ11358.fed1rmmtao105.cox.net@fed1rmimpo01.cox.net>;
Wed, 26 Sep 2007 13:51:41 -0400
Received: from fed1wml11.mgt.cox.net ([172.18.180.10])
by fed1rmimpo01.cox.net with bizsmtp
id t5re1X00W0DrMWL0000000; Wed, 26 Sep 2007 13:51:39 -0400
Received: from 66.79.165.30 by webmail.west.cox.net; Wed, 26 Sep 2007 13:51:38 -0400
Date: Wed, 26 Sep 2007 10:51:39 -0700
From: UK NATIONA LOTTERY <gailpmm@cox.net>
Reply-To: mrsjuliaelm@hotmail.com
Subject: Congratulation! you have won
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Priority: 3 (Normal)
Sensitivity: Normal
View 12 Replies
View Related
Jan 5, 2008
Does anybody understand what is going on here?
Here is the problem:
I log in to FTP and I try and upload an updated file (the file already exists on server). It prompts me to overwrite and I say yes but when I refresh/check the site the page hasnt changed - I then tried uploading the file again and it still says the existing file size (so I know it hasnt been replace).
Any idea why it it not overwriting?
The files are CHOWNed my the owner (FTP user) which is myself.
View 11 Replies
View Related
Mar 5, 2008
I want to filter any files uploaded and i have put this line at php.ini
suhosin.upload.verification_script = /my path
But my problem till now i can not make this script. (Disable upload php files)
View 1 Replies
View Related
Feb 2, 2008
I uploaded my file to web server(html, image file and css file), but strangely after uploaded it to server all file that I uploaded size 0 KB. I uploaded it using WS FTP.
Is there something wrong the way I uploaded it.
View 2 Replies
View Related
Aug 4, 2007
I used to have my apache 1.3.37 with PHP compiled as a CGI. Whenever i have a php script (say vbulletin forum software) that allow file uploads, files will be uploaded with the correct userid and groupid on the server. However, once i compiled PHP as ISAPI module, the files will be uploaded but will be owned by 'nobody'. Of course i can log in as root and chown it back to the right user, but it's a hassle if there are multiple user accounts on the server and they're using php software on their end. If someone is using an ftp program and tries to overwrite that uploaded file that's owned by nobody, it will not let them do so. Is there a way to fix this, or change the config files that would fix it?
View 3 Replies
View Related
Jul 31, 2007
Someones managed to upload a phishing site to my VPS.
How do they normally achieve this, there has been no unauthorised root access as I get e-mail each time someone log in as root.
Is it likely they've just managed to guess my ftp password, or is it going to have something to do with a script running elsewhere?
I've got solarvps looking at it now.
View 14 Replies
View Related
Nov 6, 2008
Shell uploaded - Site hacked - How to trace?
Many of my customers let me know that their websites had been hacked. I think it comes from local hacker ....
View 7 Replies
View Related
Mar 27, 2009
I have a dedicated server, the server itself is secure (as far as I know) and I run lots of my sites from it. I offered a friend hosting for his flash based chat application he built.
Today I was contacted by someone; "Are you the owner of xxxx.net?" so I informed that yes, it was my server and they then showed me an email they'd received from my server. I did a search and apparently someone uploaded mail.php and a couple of files it was using to send out spam based upon a variety of conditions that the other files met. The files contained forenames and surnames, it'd use a forename and a surname then send it to popular free mail services. The email contained ramblings about new world order and promoted a website.
How can I find out how they got the files uploaded to the account and what action can I take? I checked the whois for the domain and have their contact information, however it's a large site so I'm doubtful that the owner did it. I don't want my servers IPs being blacklisted for spam :|
View 3 Replies
View Related
Oct 20, 2008
How many websites can be uploaded to one single webspace account
View 9 Replies
View Related
May 26, 2007
I have a RHEL 4 plain server, and im using vsftpd server, i can not find an option to specify the max size for uploading files... does anybody know something about this?
View 1 Replies
View Related
Jun 26, 2007
I've recently started experiencing some issues where files uploaded through Joomla or some other scripts (mostly PHP) inherit a permission of 600. Prior to updates being done on the server I'm hosted on, uploaded files received 644 permissions and all things worked great.
I've checked the umask that assigned to the shell (022) and have ruled out that as a problem.
View 7 Replies
View Related
Mar 1, 2014
I am using a upload script for my files. After upload i cant see them on ftp but can see on panel file manager.
View 9 Replies
View Related
Jan 17, 2014
I created a FTP account with vsftp and files uploaded are not readable via www-data
View 1 Replies
View Related
Nov 7, 2009
This is the scenario, domain.com are setup on server1, however server2 also has the same profile of domain.com as we use ns3 and ns4 using domain.com. This works fine with the nameserver setup on server2.
However I encounter problems as the emails from server2 won't reach server1 as there are duplicate profile on server2.
My question is how do I setup the DNS in cpanel/whm from server2 so the emails from server2 will reach server1?
Server1 (www.domain.com)
ns1.domain.com
ns2.domain.com
Server2
ns3.domain.com
ns4.domain.com
View 6 Replies
View Related
Mar 14, 2007
I have 2 servers both have cpanel. I want to use 2nd server's mysql in my site which is on 1st server. I think thats not that hard. I don't wanna do clustering as this is temproary.
View 2 Replies
View Related
Oct 23, 2009
I need to move an SSL certificate from a cPanel server to a Plesk server.
View 3 Replies
View Related
Dec 21, 2008
if it's possible to use ODBC to connect to a Windows box from a Linux cPanel server. We have attempted connections from PHP (both as CGI as well as Apache module) and we get:
Fatal error: Call to undefined function odbc_pconnect() in...
and
Fatal error: Call to undefined function odbc_connect() in...
Is ODBC possible on cPanel servers?
View 2 Replies
View Related
Apr 21, 2009
I just had user KILL the server using 80% CPU and 30% ram.
Processor #1 Vendor: GenuineIntel
Processor #1 Name: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz
Processor #1 speed: 2331.000 MHz
Processor #1 cache size: 2048 KB
Memory: 4039468k/4718592k available (2494k kernel code, 144784k reserved, 1262k data, 200k init)
with 1TB HDD
How can I restrict him or anybody else from doing this? MySQL was in the next top useage... his site runs a HUGE DB...
Have the following edits
Code:
/etc/my.cnf
[mysqld]
safe-show-database
skip-innodb
max_connections = 800
key_buffer = 96M
myisam_sort_buffer_size = 64M
join_buffer_size = 2M
read_buffer_size = 2M
sort_buffer_size = 3M
table_cache = 1800
thread_cache_size = 128
wait_timeout = 900
connect_timeout = 10
tmp_table_size = 128M
read_rnd_buffer_size = 524288
bulk_insert_buffer_size = 8M
max_allowed_packet = 16M
max_connect_errors = 10
query_cache_limit = 2M
query_cache_size = 192M
query_cache_type = 1
query_prealloc_size = 16384
query_alloc_block_size = 16384
[mysqld_safe]
open_files_limit=8192
[mysqldump]
quick
max_allowed_packet=16M
[myisamchk]
key_buffer=64M
sort_buffer=64M
read_buffer=16M
write_buffer=16M
View 3 Replies
View Related
