C99Shell Folders?
I found these folders in the root
/usr/bin/c99
/usr/include/boost/numeric/interval/detail/c99_rounding_control.hpp
/usr/include/boost/numeric/interval/detail/c99sub_rounding_control.hpp
what are these ? is it normal folders ? or somebody hacked our server?
what shall I do?
View Complete Thread with Replies
Sponsored Links:
Related Forum Messages:
C99Shell :: How To Detect Or Disable The Functionality Of C99Shell
Recently my site was defaced, (i own a dedicated server), my server was not touched, but one of the applications I used on the site was exploited to gain access to it. I have noticed 4 or 5 c99 shells in different locations on my ftp. The site is back online, but it's definitely possible that they have one of these hidden somewhere and that they'll just do it again. I am using cent os 5 How can I easily search for these on my box? Can I disable their functionality? is there setting I can use in htaccess or something to make my website safer? I visited one of the scripts, and it said SAFEMODE OFF, how can I at least enable safemode? I don't know much of anything about linux, but I am running cpanel and WHM. I have a guy who manages my box but he is hard to get a hold of sometimes, and I'd like to take care of this ASAP!
View Replies!
View Related
Trojan C99Shell
I just installed zen cart on my webhosting and after few days later i saw some file written like core1405.php and when i open to view the file it is actually trojan c99shell. I have deleted all of the core file. Now how can i prevent it from happen again? Cause it is too much work to clean up the hosting server.
View Replies!
View Related
C99Shell Hackers Killing Me!
guys im tired off fighting those hackers everyday! i have about 20 websites,and everyday i have one of them hacked! i restore a backup then another one hacked! thats unbelivable!!! those bastards upload there shell scripts to websites via bugs or whatever from php files!! is there anyway to stop these commands? can .htaccess helps? how? i talked to my webhosting companies for my websites! ....
View Replies!
View Related
Mod_security & C99shell Anyone Help Please ?
I installed modsecurity from Addone module in Cpanel When I try to apply phpshell woork good without a mistakes and I can do anything despite of the presence of protection modsecurity and disable_functions in php.ini. Is there a particular settings add to the httpd.conf to prevent application phpshell or prevent upload it to the site?
View Replies!
View Related
C99shell Disable PHP Scripts?
the biggest security issue i have with my clients is php c99 shell and similar php files, somehow these files uploaded on the website and from here they start attacking the websites. i have seen also that once you upload the c99 php file you are able to see the accounts information ( such as a user name ) on the same server so is there any way to disable this kind of php file or at least disable some function within the file! i have been thinking to install and run a antivirus on the server , but i see sometimes they upload the encrypted version of the file , so the antirus can't catch the file as a torjan!
View Replies!
View Related
C99Shell :: Attack Rules For Mod_security
i want to prevent c99shell scripts from running. I found this rule to detect URI's for the c99 shell. #new kit SecFilterSelective REQUEST_URI "/c99shell.txt" SecFilterSelective REQUEST_URI "/c99.txt?" My problem is that the hackers are being more stealthy and calling the script some random name like .../myphpstuff.php. So the URI no longer helps detect it. How could I detect "c99shell" in the actual file that apache servers? This assumes that the hacker was successfully in installing it. my box Apache 1.3.37 WHM 11.2.0 cPanel 11.11.0-R16983 FEDORA 5 i686 - WHM X v3.1.0
View Replies!
View Related
Nobody Folders And Delete
when people run a forum and the template and forumdate folders may created some files with nobody permission, the user could not delete them by the user themself, and need admin login as root with ssh to delete those, and let the files permission can run as the user instead of nobody. the server is centos with cpanel and suexec.
View Replies!
View Related
.htaccess And Folders
In the public_html directory, I have php_value user_agent "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0" <IfModule mod_security.c> SecFilterScanPost </IfModule> <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / Errordocument 404 /404.html RewriteCond %{REQUEST_FILENAME} !.(jpg|jpeg|gif|png|css|js)$ RewriteCond %{REQUEST_FILENAME} !-f RewriteRule .* index.php [L] </IfModule> Then I created a new directory named caller There is an exact same .htaccess in public_html/caller However, the .htaccess in the public_html directory rewrites all request to index.php .htaccess in public_html/caller rewrites all request to /caller/index.htm The thing is when I access [url] whatever the one that's called is /public_html/index.php How can I arrange so that the one called is /caller/index.htm?
View Replies!
View Related
IIS 5.1 - Browsing Folders
Well I finally got around to getting my IIS up and running which will save some time with uploading various files to check that they are working correctly but now I have run into a new problem. What used to happen with my IIS is it would list out all of the folders which I had in the wwwroot and I would simply navigate through and select which site needed to be tested. At the moment, I have cleared out the wwwroot folder entirely since all of the stuff in there was to do with a "Windows XP Professional" page which appeared upon installation. However, now that I don't need it anymore, I decided to clear it out and test IIS out by making a new folder called "sites" into wwwroot. Now though, it simply comes up with a "Directory Listing Denied. This Virtual Directory does not allow contents to be listed." error message, even though I have changed the permissions on the wwwroot folder to allow writing etc. Could this be because it's IIS 5.1 and I need to install IIS 6.0 instead or is something else wrong? I know for a fact that my operating system (Windows Media Center Edition 2005) will do this list as I have had it before, back before I installed Vista and then decided to come back to MCE.
View Replies!
View Related
Emails Going To SPAM Folders
I can send e-mails out but many times they go directly to the recipient's SPAM box. Also, my server cannot send to any company e-mail that uses MXLogic.net's services. Going to [url]<--My server IP is on ZERO blacklists. /etc/resolv.conf appears correct /etc/hosts also appears correct Is there something that I am overlooking?
View Replies!
View Related
Accessing Shared Folders
I have server which all files and folders are stored on. Now there are a couple of folders which are only accessible by one machine at present and all the other machines when they access the folder it is displayed as empty. I have checked all permisions and all machines viewing of files settings are the same and folders accessible by all machines have the same settings as the couple which are only accessible from this one machine. If I copy and paste the folder all machines then have access to the folder from although this would be a lengthy exercise for the full hard drive.
View Replies!
View Related
Folders Display Permissions
I would to know how I can change the display permissions for my website sub folders and files from public view, for instants The current is you can access to any folders or files once trying access to any folders in my website like open this link www.yoursite.com/photos/ will see all sub-folders and files in this photos folder also you can see the other folders in another level by going to the top level folders! but I think there is a way to enforce my users to write the full path of any selected photo or file they want without browsing my folders and sub-folder.
View Replies!
View Related
Mystery Folders Being Created
I am designing a site for a client and in all the years I've done design etc, I've come up against a phenomenon with their VPS server they have. It's linux and uploading files I am using WS_FTP Home. I am uploading files and folders to their public_html/domain.com/ (*I use domain here for their privacy) and in some folders (directories) after doing so, a mystery folder suddenly appears that is named 5" and as you enter that folder, you see the path directory show up "public_html" and if you go into that one, you come up to the domain.com folder again, and if you deeper into that one you start to see this phenomenon of mirroring folders of the one you go into. Example: public_html/domain.com/images/5"/public_html/domain.com/images/file ***the file whether it's an image jpg, png, etc is created as the last directory as a folder, not a file. I should also mention that as you go deeper in the 5" mystery directory folder, you no longer see the path in the FTP anything past the 5" one even as you go further in. Oh, and it doesn't allow you to delete these 5" folders regardless of what permissions. And this folder seems to show up in many areas of this website's directory structure...mostly where images are (don't know if that is just a coincidence). So hope all this makes sense....anyone seen this before and what the cause could be? Their host doesn't seem to know the reason and says they cannot see it even though others can. They said it's the FTP program as the cause and not their server. My comeback to that is that I've used this FTP for years and never before seen this happen. It's only with this one client's server.
View Replies!
View Related
SSL Certificates Works For Folders?
Say i have domain zzzzz.com and have some folders say a, b and c would ssl if installed for main domain zzzzz.com work for https://zzzzz.com/a and so on ? or would wildcard ssl be required for that ? And what if that /a folder is actually a subdomain, but since you can access subdomains via url/folder instead of folder.url would ssl work on it using url/folder option instead of subdomain url ?
View Replies!
View Related
Deny Perl In Public Folders
How do you guys deny run of perl/bash scripts from /tmp, /var/tmp, /dev/shm? I've tried to build simple shell wrapper, but that's not a compromise if you run for example spamassassin on the same server (it needs direct io to/from perl binary). I'm looking intro some kind of binary wrapper or patch that will deny running perl scripts from public folders (also the same for shell scripts will be great). Any ideas or solutions? If anyone interested in primitive shell wrapper code: Code: #!/bin/sh ARGS=`echo $@ | grep -v "/tmp/"` if [ "$ARGS" != "" ]; then /usr/bin/perl.orig $ARGS; fi
View Replies!
View Related
Zipping Up Multiple Public_html Folders From Shell
OK so I'm on the shell and looking at the contents of my home/ directory which has all the various accounts. In each account directory are subdirs such as mail, logs, tmp, etc, and public_html. Is there a way (or a ZIP command) to be in the home directory and create a massive ZIP file containing all the account directories, each containing ONLY the respective public_html subdir for that account? Using the command "zip -r Backups.zip ./" seems to include all those extra folders (such as mail, etc.) that aren't needed.
View Replies!
View Related
Access Folders In Root / Bypass Wordpress
My blog is set up to display in the root of my domain, although the files on the server sit within their own folder: i.e Server files Public_html/wordpressfiles/ Broswer displays www . mydomain . com/ (disaplys pages from /wordpressfiles) The problem I have is that I can't access individual directories within the root, unrelated to wordpress. e.g I have Public_html/folder2/... Setup on the server, but if I enter the path in my browser: www . mydomain . com/folder2 wordpress thinks I want to access: www . mydomain . com/wordpress/folder2 ...which doesn't exist. How can I re-gain access to folders in the root, without wordpress interfering?
View Replies!
View Related
Removing Large Files Or Folders CentOS
Something weird happening here. I have tried every string possible... There are a number of folders I want to remove off my server, tried the good old and simple... rm -r /folder/ And then went and ended up with a string as long as my screen. No matter what I do, as it goes recursive in to the directory it asks me if I want to remove each file individually. No matter what string or action I take it insists on asking me as it goes to delete each file. Could this be a configuration option in CentOS?
View Replies!
View Related
Addon Domain, Cant Have Password Protected Folders
I have 2 domains on 1 account. My main website is www.aviationcafe.net and i added on www.modelcuir.com thats what it looks like to the public. But with my host it will be www.modelcuir.aviationcafe.net. I noticed in the files area that modelcuir is it's own file, i can password protect that but it will stop people getting onto the website completly and i only want to stop them getting into the members area. I can't create a members area either unless i can add a new folder which i can't i dont think.
View Replies!
View Related
Apache 1.3 For One Site, Two Cgi-bin Folders
my server has just one site, apache conf has such a line: Code: ScriptAlias /cgi-bin/ "/usr/local/apache/htdocs/cgi-bin/" and Code: <Directory "usr/local/apache/htdocs/cgi-bin"> AllowOverride None Options None Order allow,deny Allow from all </Directory> then, my cgi script may run well under the said folder, /usr/local/apache/htdocs/cgi-bin but I have another script need to be setup another cgi-bin under its own folder below htdocs folder, like, /usr/local/apache/htdocs/anotherscript/cgi-bin however, when I run the said script in browser: Code: http://www.mydomain.com/anotherscript/cgi-bin/abc.cgi the browser just shows source codes, instead of running it. I am guessing something wrong in httpd.conf, may I know how to set apache httpd.conf to meet my requirement?
View Replies!
View Related
Copy Newly Created Folders In /tmp
We've had someone starting nobody PERL procs on a box and we can't quite track it down or read the file to see what it is. What he does is to create a folder in /tmp, execute the script from there and delete the folder as soon as it's running (yes, /tmp is mounted noexec, makes no difference). We've managed to discover and block the IP that was doing this, but that's no fix. He hasn't been back since banning the IP...so far. What we would like to do is see if anyone knows of (or can help create) a script that can watch the /tmp folder and copy newly created directories and thier contents to another dir (also notifying via email would be helpful) in order to see what the heck it's doing, and hopefully be able to figure out how it's getting in. Nothing in any logs this time, and the PERL process seems to be able to hide itself from PS. That bit worries me quite a lot, but none of the binaries appear to have been changed, and it doesn't appear we've been rooted in any way. Thoughts on this, ideas and suggestions welcome. Failing that, is it possible without breaking the box to prevent the creation of new directories in /tmp? This I seriously doubt, but if all they need to do is create a folder and work from there, noexec is a joke.
View Replies!
View Related
Cron/ssh To Remove Folders Older Than X Days
I'm trying to write a cron/ssh to remove recursive folders in a "data" folder that is older than X days. I've been able to remove files, but not folders. This is the code I have so far, but if someone can point out how to remove folders older than X days, that'd be great ........
View Replies!
View Related
Offsite Backups (via Rsync) - What Files/folders To Backup
I'm currently using (amongst other backup systems) rsync to an offsite space (am using BQBackup at the moment) I'm just wondering - apart from backing up all of /home/, /var/lib/mysql/ and the important config files (httpd.conf, php.conf, etc etc) is there anything else that *needs* to be backed up? Obviously in a worst case scenario, a new machine would be deployed with a fresh OS install (and a fresh WHM/cPanel install) so I wouldn't worry about backing up OS files or cPanel core files, although I'm wondering if there's anything apart from the /home/ directory and the MySQL databases which would be lost (and so need backing up) in the event of a crash?
View Replies!
View Related
Howto : Copy Index.shtml To Folders In One Command ..
i would like to copy index.shtml to these folder in 1 command ... PHP Code: [root@BOX wp-content]# ls -latotal 48drwxr-xr-x 9 sitename sitename 4096 Nov 25 16:06 .drwxr-xr-x 6 sitename sitename 4096 Nov 25 15:52 ..drwxrwxrwx 3 sitename sitename 4096 Nov 25 16:05 backupdrwxr-xr-x 2 sitename sitename 4096 Nov 16 15:39 cachedrwxrwxrwx 3 sitename sitename 4096 Nov 25 16:05 gallery-rwxr-xr-x 1 sitename sitename 30 May 5 2007 index.php-rw-r--r-- 1 sitename sitename 457 Nov 25 16:06 index.shtmldrwxrwxrwx 3 sitename sitename 4096 Nov 16 16:27 photosdrwxr-xr-x 28 sitename sitename 4096 Nov 25 15:57 pluginsdrwxr-xr-x 8 sitename sitename 4096 Nov 22 03:01 themesdrwxr-xr-x 3 sitename sitename 4096 Nov 16 04:04 uploads-rw-r--r-- 1 sitename sitename 909 Nov 16 15:43 wp-cache-config.php[root@BOX wp-content]# i mean to let index.shtml index uploads and themes .....etc in 1 command .
View Replies!
View Related
Simple Script To Find Suspected Files And Folders
Try this useful script to find all 777 permission files and folders in /home directory also it can find all names of suspected folders and files you want and then you can take the required action to install this follow the steps login as root Code: cd /root Code: pico checkpandnscript.sh Enter this code and in the 5th line from the end change email@email.com to your email Code: # This file will help you to find suspected folders and files in /home directory # Coded and desgined by Alrutani Web Hosting www.alrutani.com , for more informations please contact us. #!/bin/sh echo " " > /root/perdfmbc echo "################# Folders with 777 permission #################" >> /root/perdfmbc echo " " >> /root/perdfmbc find /home -type d -perm 777 |egrep -v "./cpapachebuild|./.cpan|./src" >> /root/perdfmbc echo " " >> /root/perdfmbc echo "################## Files with 777 permission ##################" >> /root/perdfmbc echo " " >> /root/perdfmbc find /home -type f -perm 777 >> /root/perdfmbc echo " " >> /root/perdfmbc echo "############### Folders & files must be checked ###############" >> /root/perdfmbc echo " " >> /root/perdfmbc find /home -name forum >> /root/perdfmbc find /home -name upload >> /root/perdfmbc find /home -name 4images >> /root/perdfmbc find /home -name gallery >> /root/perdfmbc find /home -name uploader >> /root/perdfmbc find /home -name up >> /root/perdfmbc find /home -name r57shell >> /root/perdfmbc find /home -name r57shell.php >> /root/perdfmbc find /home -name r57.php >> /root/perdfmbc find /home -name c99shell >> /root/perdfmbc find /home -name c99shell.php >> /root/perdfmbc find /home -name c99.php >> /root/perdfmbc find /home -name shell.php >> /root/perdfmbc echo " " >> /root/perdfmbc echo "###############################################################" >> /root/perdfmbc echo "Developed by Alrutani Web Hosting http://www.alrutani.com" >> /root/perdfmbc echo "For more informations please contact us." >> /root/perdfmbc echo " " >> /root/perdfmbc cat /root/perdfmbc | mail -s "Suspected files & folders in your server" email@email.com cd /root rm -rf perdfmbc # This file will help you to find suspected folders and files in /home directory # Coded and desgined by Alrutani Web Hosting www.alrutani.com , for more informations please contact us. To add more files and folders that you want the system to list fine Code: find /home -name upload >> /root/perdfmbc after it add Code: find /home -name xxxxxx >> /root/perdfmbc where xxxxx is the name of the file or the folder you want Save file Ctrl X select yes then click enter Code: chmod 755 checkpandnscript.sh To make the script works daily Code: crontab -e At the end enter Code: * 3 * * * sh /root/checkpandnscript.sh save and exit done !! now to test the script Code: cd /root Code: sh checkpandnscript.sh you will receive email from the server
View Replies!
View Related
How Can This Be Done? IIS Multiple Vir. Dir. Or Real Folders
The scenerio is client want to enable unlimited URL for his individual customers. ie,[url] Platform: W2K3 IIS6 I only know two ways doing it 1. Create a real folder /username1, /username2, but this will be real messy, and I remember there is a limitation for up to 36,000 sub-folders within a root folder under Windows (correct me if I am wrong) 2. Create virtual directories under IIS Manager using ASP/ASP.NET script, this is easiest, but having two problem. a. If I have say 10,000 vir. dir., and then I try to expand that root folder under IIS manager, IIS manager will hang for sure. b. Having such huge vir. dir will inevitably having a huge IIS Metabase, this means a great chance of corrupting it, so it's very dangrous. I really hope someone can give me some hints how to do this in a scalable way? I know many Web2.0 site do this even using IIS6 ie, [url]
View Replies!
View Related
GoDaddy Tells Me It's Normal To See The Folders Of Some Random Persons Account
I signed up with GoDaddy shared hosting just a couple days ago. I logged into my site using SSH and FileZilla. And I see hundreds of folders and files that are not mine. These are files from some random account. These are not the basic starter-folders/files. Yet when I connect via FTP (not SSH), I only see the regular starter-set with just a few folders and a few files (not hundreds). This seemed totally loopy, so I called customer support, and the support guy agreed that it was not right. He "escalated" the issue to technical support. I received an email from them asking for screenshots of all these random files I see via SSH. I sent in the screenshots of FileZilla showing all these files. Then GoDaddy responded with this: -------------------------------------------- Dear Sir/Madam, Thank you for contacting Hosting Support. We have reviewed your hosting account [edit] and SSH does in fact show more files than typical FTP. This is normal and not something to be alarmed about. As you are on the shared environment there is certain folders that you will not be able to access, one such example provided in your screenshots is 'herawellness', attempting to access this directory will result in a access denied error. If you are attempting to upload web content you will need to put the content in the the /html/ directory. If you are having trouble using SSH you may want to consult your favorite search engine for assistance with SSH commands. Please contact us if you have any further issues. Regards, Adam M. Hosting Support ---------------------------------------------- This doesn't seem right at all. I've only hosted with one other host besides godaddy, and using SSH I did not suddenly see hundreds of random files from some random account.
View Replies!
View Related
Windows 2003 Hard Drive / Folders Protection Password?
Anyone know a good program to let me put passwords from opening the hard drives via My Computer or especific folders, shortcuts, programs etc? Lets per say someone got a hold of my Administrator password to have those important confidential files not to be seen a program like this would help. I am also going to set up that the server is only accessed from 2 secure locations just in case.
View Replies!
View Related
DNS & BIND WEBMIN : Linking Domains To Folders
linking domains to folders. Im using webmin on a Debian server, and setting up the DNS and BIND isn't a problem, i can do that, but what if i want to link, lets say example.com to the folder hdoc/example/ , how would one do that? At the moment when setting up the zones, they link to the main page.
View Replies!
View Related
Disk Quota Issue - Locating The Folders With The Highest Number Of Files
we've been having issues with reaching or exceeding our disk quotas. I've checked carefully, and while I've cleared our mail queue's, I don't think that's the issue. So what I'm really looking for is a way to figure out why we have so many files (our quota is 220000, and I'm pretty confident that we aren't intentionally doing anything to create so many files). There's lots of information on finding the folders with the largest file sizes, but locating the folders with the greatest number of files isn't quite so simple--or at least, it doesn't seem very clear to me. Does anyone know a way via the command line to figure out this information, short of going through every single folder and figuring out how many files are in the specific folder?
View Replies!
View Related
Apache And Folders Named "error"
I have a problem in apache 2 Linux server. When I create a folder called "error" in a sub domain, apache doesn't read it. I tried with different permissions and proprietary (root and sub domain owner) but doesn't read the index.html. In other sub domain the same problem occurs. Quote: Forbidden You don't have permission to access /error/ on this server. Apache Server at sub domain.domain.com Port 80 Apache reserves the name "error" for internal use?
View Replies!
View Related
Remove Empty Folders And Remove From A Db
ive got a site which auto creates subdomains and installs a script automaticly and inserts details into a mysql db. i have had some issues recent so have loads (talking 100s) of folders that are empty which i need to remove, and to remove the details of said folder from db also. any ideas how i can do this, using plesk control panel so removing the subdomain via plesk cli may be the best way in that respect but the db is external to plesk so that would not be edited
View Replies!
View Related
|
TRACKER
