C99Shell :: Protect My Server For Shell Attacks Via C99 And H57?
I have a few scripts, but hackers again uploaded c99 in some way and hacked some SMF forums on the server. The server itself they cannot hack, but user accounts they can. So please tell me, what do you advise?
Related Forum Messages:
C99 Shell On My Server
One of our customers uploaded a C99Shell script on my server, and he can access other accounts. I upgraded PHP to 5 but he can still access other accounts with this script. What should I do to disable this script or others like it?
C99Shell :: How To Detect Or Disable The Functionality Of C99Shell
Recently my site was defaced (I own a dedicated server). My server was not touched, but one of the applications I used on the site was exploited to gain access to it. I have noticed 4 or 5 c99 shells in different locations on my FTP. The site is back online, but it's definitely possible that they have one of these hidden somewhere and that they'll just do it again. I am using CentOS 5. How can I easily search for these on my box? Can I disable their functionality? Is there a setting I can use in htaccess or something to make my website safer? I visited one of the scripts, and it said SAFEMODE OFF. How can I at least enable safemode? I don't know much of anything about Linux, but I am running cPanel and WHM. I have a guy who manages my box but he is hard to get a hold of sometimes, and I'd like to take care of this ASAP!
Protect My Windows Server 2003
I got my game servers hosted on a Windows server (with W2K3). I want to know what software you guys advise me to use on it to protect it! Someone told me that keeping Windows up to date won't get me any problems, but I just don't believe it. So I want opinions from WHT members. And since I'm here I want to report another thing... For an email service? Windows mail server, or something like Exchange mail server?
Reverse Proxy - Protect A Web Server
Background (so you know what I am planning): I will be storing personal customer information in mysql, so security is driving all my requirements. I was thinking the architecture will be:
- a dedicated web server within a DMZ and placed behind a firewall and border router
- a dedicated database server inside the internal network behind another firewall
- all running Linux
- building out and management of the servers to be done by hosting provider or third party
Please feel free to comment on this setup.
Questions: Is a reverse proxy a benefit for security? Am I right in saying that a reverse proxy hides the OS and server details from prying eyes and provides another layer of security? If a reverse proxy server is a benefit, is it normally the default architecture at most reputable hosts?
MSSQL Server Attacks
I can see a lot of MSSQL Server attacks. In Event Viewer: "Login failed for user 'sa'. [CLIENT: Some IP]". Most of the attacks are coming from China. Typically what I'm doing manually is getting that entire IP range and blocking it at the Windows Firewall level. Now I have plenty of blocked IP ranges all over the world. What would be the best way to avoid those kinds of attacks?
How Can I Secure My Server Against Spam Attacks?
I have a cPanel dedicated server and have a lot of spam attacks on this server. It's getting so bad that our IP is being added to Yahoo & AOL blacklists and my emails to these accounts are bouncing. Is there anyone on here who can do a thorough check on our server and install anything necessary to stop this kind of activity?
UDP Game Server Attacks
There are some game types out there that are not protected from any type of UDP flood attack. I have been doing a lot of work (my servers are Linux) and blocked this by coding a bash script running every second, checking tcpdump for the amount of current UDP connections and blocking the IP which has more than a certain number of current UDP connections. This works perfectly, but it firewalls the IP AFTER the attack started. I am really interested in blocking this attack fully: limiting the number of current connections (UDP) from an IP to a certain amount to block this attack totally. I have been looking around a lot and have had no luck. From what I have found, there is no way to do this with iptables or ipchains. It is possible for TCP though, but I could not find it for UDP. Could anyone help me out here? Just to let you know, I do run a firewall, but it would never pick up this type of attack unless it was major. This is more like a game type bug (the firewall thinks the packets are fine, player packets going to the game server).
C99Shell Folders?
I found these folders in the root:
/usr/bin/c99
/usr/include/boost/numeric/interval/detail/c99_rounding_control.hpp
/usr/include/boost/numeric/interval/detail/c99sub_rounding_control.hpp
What are these? Are these normal folders, or has somebody hacked our server? What shall I do?
Trojan C99Shell
I just installed Zen Cart on my web hosting and a few days later I saw some files named like core1405.php, and when I opened one to view the file it was actually the trojan c99shell. I have deleted all of the core files. Now how can I prevent it from happening again? Because it is too much work to clean up the hosting server.
C99Shell Hackers Killing Me!
Guys, I'm tired of fighting those hackers every day! I have about 20 websites, and every day I have one of them hacked! I restore a backup, then another one is hacked! That's unbelievable!!! Those bastards upload their shell scripts to websites via bugs or whatever from PHP files!! Is there any way to stop these commands? Can .htaccess help? How? I talked to my web hosting companies for my websites! ....
Mod_security & C99shell Anyone Help Please ?
I installed modsecurity from the Addon modules in cPanel. When I try to use phpshell it works fine without any errors, and I can do anything despite the presence of modsecurity protection and disable_functions in php.ini. Are there particular settings to add to httpd.conf to prevent phpshell from running or prevent uploading it to the site?
C99shell Disable PHP Scripts?
The biggest security issue I have with my clients is the PHP c99 shell and similar PHP files. Somehow these files get uploaded to the website and from there they start attacking the websites. I have also seen that once you upload the c99 PHP file you are able to see the account information (such as a user name) on the same server. So is there any way to disable this kind of PHP file or at least disable some function within the file? I have been thinking of installing and running an antivirus on the server, but I see sometimes they upload the encrypted version of the file, so the antivirus can't catch the file as a trojan!
C99Shell :: Attack Rules For Mod_security
I want to prevent c99shell scripts from running. I found this rule to detect URIs for the c99 shell:
#new kit
SecFilterSelective REQUEST_URI "/c99shell.txt"
SecFilterSelective REQUEST_URI "/c99.txt?"
My problem is that the hackers are being more stealthy and calling the script some random name like .../myphpstuff.php. So the URI no longer helps detect it. How could I detect "c99shell" in the actual file that Apache serves? This assumes that the hacker was successful in installing it.
My box: Apache 1.3.37, WHM 11.2.0, cPanel 11.11.0-R16983, FEDORA 5 i686 - WHM X v3.1.0
How To Secure A FreeBSD Server For Shell?
For hosting IRC and shells I heard that the best choice of OS is FreeBSD. I would like to know if there are any tutorials, or if someone can write one (or give some tips), on how I can secure a machine running FreeBSD and used for IRC + shells! For example, how can I install a firewall, a rootkit etc.? Also, what about putting users in a jail (not allowing them to see other dirs except theirs)? How can I do that? Also, what about not allowing users to use some commands like dmesg, ping, traceroute, and how can I make it so that when they do ps -aux they only see their own processes (so they are not able to see the processes of other users)?
No Shell Access To My Server Except Mine
How can I make sure there is no shell access to my server except mine? I mean all the security issues I should care about for preventing shell access from all my users and hackers. I have disabled all the shell access of my users via cPanel. How can I disable the exec() function on my server?
Server Refused To Start Shell/command
I am having some server issues. A part of my sshd_config:
Port 2255
Protocol 2
ListenAddress 8x.xx.xx.46
PermitRootLogin no
Recently, when I want to connect to my server using PuTTY, I get "Connection Refused" using the above IP address and port. When I enter the above IP address (or any other IP address that is stored/set on the server) and port 22, I get "Server refused to start shell/command". It did work before, using 8x.xx.xx.46:2255, and when I enter 8x.xx.xx.46:22 it will block. But now... not anymore. I am using "Direct Admin" to do a "System Backup". I do see the right port and IP address in the sshd_config file. How can I fix this? I cannot log in to the server anymore; however, I am going to the datacenter tomorrow.
OS: CentOS
Installed firewall / protection: APF + BFD
Control Panel: Direct Admin
How To Protect Port 80
Someone is attacking my VPS via port 80. Which firewall do you advise me to use on Windows 2003 Web Edition? Or does anyone have similar experience and can tell me what to do? By the way, my hosting company is LeaseWeb.
How Do I Protect My Website
This is probably a pretty complicated answer so please forgive me as I'm a newbie to making my own ecommerce website. What steps are needed to protect/prevent one's site from being hacked? I have domain privacy (on WhoIs) but I feel this isn't enough.
Way To Protect URLS
Are there any scripts out there that can protect URLs? For example, I am trying to protect a megaupload.com URL with a masking URL and making sure that the masking URL is only accessed by a referral site. Can this be done?
How To Protect Website
In the last few days my site was hacked: an "iframe" tag with a path that loads a virus was added to the main page. I don't know how somebody could edit the original page and insert this code into the HTML body. This time I have restored this page from an archive, but I would be glad to know how to protect my site in the future. Could somebody advise me on fast and effective methods?
How To Protect Cpanel And Whm
What is the best way to protect WHM and cPanel from unwanted logins? If I change the port they can still sniff. Is there a way to put another layer in place to protect it, or to assign a specific IP to be able to log in? I'm on a dedicated server and only hosting 1 site, so there are no customers that I should worry about. Can I change /whm and /cpanel to something else just to hide them from novice users?
How To Pwd Protect Directories Without Cpanel
How do I password-protect directories when using no control panel? I am planning to change the login details of the protected directories every few days as well, as it's top secret data, so I would like to know how to protect directories with a password. I know how to do it using a control panel such as cPanel or Plesk, but I have no control panel at this interface. I intend to share the files under these protected directories only with my team, so please help me with code if there is any. It's CentOS 5, Apache handler.
Mod_evasive Doesn't Protect From Apache DOS
We tried to use one software for offline browsing to download our site and test it if it will fail or not. We used 500 threads at once. Program was able to request 56 pages per second. Of course server (site) failed because there were no more available mysql connections. So site went down. Mod_evasive didn't block that. Here is the config:
<IfModule mod_evasive20.c>
    DOSHashTableSize 3097
    DOSPageCount 2
    DOSSiteCount 80
    DOSPageInterval 1
    DOSSiteInterval 1
    DOSBlockingPeriod 30
    DOSLogDir "/var/log/httpd"
</IfModule>
Here is the copy of text I found on one site about mod_evasive:
Mod_evasive does work relatively well for small to medium sized brute force or HTTP level DoS attacks. There is, however, an important limitation that mod_evasive has that you should be aware of. The mod_evasive module is not as good as it could be because it does not use shared memory in Apache to keep information about previous requests persistent. Instead, the information is kept with each child process or thread. Other Apache children that are then spawned know nothing about abuse against one of them. When a child serves the maximum number of requests and dies, the DoS information goes with it. So, what does this mean? This means that if an attacker sends their HTTP DoS requests and they do not use HTTP Keep-Alives, then Apache will spawn a new child process for every request and it will never trigger the mod_evasive thresholds. This is not good…
Is there any solution for such type of attack with Keep Alive disabled?
Web Protect Not Working In Cpanel
I have protected one folder on my domain from cPanel using the "web protect" function. It is asking for a password, but the password is not working. I checked the .htpasswd file in the user's home directory and it has the user created for protection.
How To Protect Access To Whm/cpanel
Is there a way to protect WHM/cPanel access? At the moment anyone can type domain.com/cpanel or domain.com/whm or server/cpanel or server/whm. I would like to limit access to these pages by adding an additional password (like a folder password) or restricting by IP.
Tool To Protect My Web Site, Help Please
I am having a lot of trouble with spammers and hackers. I am currently hosting my site on a Windows server. What is the best tool that I can use to protect my web site? The tool should be easy to use and require no Java or Perl or other programming languages, as I am not familiar with them.