How I Can Do Shell Scan In My Server
May 20, 2008
I have a server and I want to do a shell scan and delete the shell.
I am not very familiar with Windows server scans. How can I do a full scan on the server? I want to make sure that the server is secure.
Does anybody know of a free server security scan for my dedicated server?
Does anyone know how to change jail shell to normal shell?
One of our customers uploaded the C99Shell script to my server, and he can access other accounts.
I upgraded PHP to 5, but he can still access other accounts with this script. What should I do to disable this script or other ones?
We have a client claiming that she gets a Trojan warning when she tries to access her website, but using the Trojan scan in cPanel doesn't show anything.
What can we use to scan for Trojans?
For hosting IRC and shells, I heard that the best choice of OS is FreeBSD.
I would like to know if there are any tutorials, or if someone can write one (or give some tips), on how I can secure a machine running FreeBSD and used for IRC + shells!
For example, how can I install a firewall, a rootkit, etc.?
Also, what about putting users in jail (not allowing them to see other dirs except theirs)? How can I do that?
Also, what about not allowing users to use some commands like dmesg, ping, traceroute? And how can I make it so that when they do ps -aux they only see their own processes (and are not able to see the processes of other users)?
What is a rootkit? The following link is a very good read to answer that question.
http://linux.oreillynet.com/pub/a/li...4/rootkit.html
In summary, a rootkit is a trojan installed on your Linux server after someone has broken into it. These files are used to cover the hacker's tracks, and to give the hacker tools to do more dirty work from your server.
Usage:
1. su - (change to root user)
2. mkdir /usr/local/chkrootkit
3. wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
4. tar -xvzf chkrootkit.tar.gz
5. cd chkrootkit*
6. cp * /usr/local/chkrootkit
7. cd /usr/local/chkrootkit
8. make sense
Now scan your system:
1. cd /usr/local/chkrootkit
2. ./chkrootkit
chkrootkit may from time to time give false positives. If you ever get a positive or "infected hit" scan a second time. If you do get a positive hit, google the hit to research the issue and steps to correct.
Part 2 - automated chkrootkit, and emailed results.
I'm lazy, and like my server to do the work for me so I have it scan every day, and email me the results.
Usage:
1. vi /etc/cron.daily/chkrootkit
2. add the following code.
Code:
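#!/bin/bash
# Run the quiet scan from the install directory and mail the output; && skips the scan if cd fails.
(cd /usr/local/chkrootkit && ./chkrootkit -q 2>&1 | mail -s "Daily chkrootkit scan" you@yourdomain.com)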
3. chmod 0755 /etc/cron.daily/chkrootkit
This will email you@yourdomain.com every morning with your chkrootkit results. The -q option will only show you exploits.
Removal:
If you don't like getting the emails or just want to remove this from your server:
1. rm /etc/cron.daily/chkrootkit
2. rm -rf /usr/local/chkrootkit
All files will now be deleted from your server.
Is it possible to scan for viruses on an account on the server?
How to correct it?
Code:
---------------------- Start Rootkit Hunter Scan ----------------------
Warning: Checking for prerequisites [ Warning ]
The file of stored file properties (rkhunter.dat) does not exist, and so must be created. To do this type in 'rkhunter --propupd'.
Warning: WARNING! It is the users responsibility to ensure that when the '--propupd' option
is used, all the files on their system are known to be genuine, and installed from a
reliable source. The rkhunter '--check' option will compare the current file properties
against previously stored values, and report if any values differ. However, rkhunter
cannot determine what has caused the change, that is for the user to do.
One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter/rkhunter.log)
Is it advisable to have someone scan your server setup, ie the firewall? If so, what is used to scan the firewall?
What's the best way to do a daily check for XSS scripts injected into PHP and HTML files on a Linux box?
I am referring to stuff like framer.z
[url]
which essentially has a telltale signature of
<script>eval(unescape("%77%69...
Is there anything for linux that keeps up with those kinds of script signatures?
I doubt CSF or Clam looks for that kind of stuff, right?
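The daily check asked about above, sketched as an added example that is not part of the original post: a POSIX shell function that lists web files containing the eval(unescape("%... signature the post quotes. The function names, the file-extension list and the sample docroot path are assumptions, and a fixed signature like this only catches this one obfuscation pattern.

```shell
#!/bin/sh
# Added example (not from the original thread): list web files that contain
# the eval(unescape("%XX%XX... signature quoted in the post above.
# scan_injected / count_injected and the extension list are assumptions.

# ERE: eval( unescape( <one quote character> then at least two %XX escapes.
SIG='eval\([[:space:]]*unescape\([[:space:]]*.(%[0-9A-Fa-f]{2}){2,}'

# Print each .php/.html/.htm/.js file under directory $1 that matches SIG.
scan_injected() {
    find "$1" -type f \
        \( -name '*.php' -o -name '*.html' -o -name '*.htm' -o -name '*.js' \) \
        -exec grep -lE "$SIG" {} + 2>/dev/null || true
}

# Print the number of matching files under directory $1.
count_injected() {
    scan_injected "$1" | wc -l | tr -d ' '
}

# When called with a docroot argument (for example from a cron job), print
# the hits, which cron will mail, and exit non-zero if any were found.
if [ "$#" -ge 1 ]; then
    hits=$(scan_injected "$1")
    if [ -n "$hits" ]; then
        printf 'Possible injected script in:\n%s\n' "$hits"
        exit 1
    fi
fi
```

Saved as an executable script, it can be run by hand or from cron with the docroot as its only argument, for example /home (an assumed path).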
to install security patches for each VPS hosted on a single host, or is applying them to the host running multiple VPSes enough.
Does the same apply to firewall-related software? Use it for each individual VPS on a single host?
How can I make sure there is no shell access to my server except mine? I mean all the security issues I should care about for preventing shell access from all my users and hackers.
I have disabled all the shell access of my users via cPanel. How can I disable the exec() function on my server?
I have a few scripts, but hackers again uploaded c99 in some way and hacked some SMF forums on the server. The server itself they cannot hack, but user accounts they can. So please tell me what you advise?
I am having some server issues.
A part of my sshd_config:
Port 2255
Protocol 2
ListenAddress 8x.xx.xx.46
PermitRootLogin no
Recently, when I want to connect to my server using putty, I get "Connection Refused" using the above IP address and port.
When I enter the above IP address (or any other IP address that is stored/set on the server) and port 22, I get "Server refused to start shell/command".
It did work before, using 8x.xx.xx.46:2255 and when I enter 8x.xx.xx.46:22 it will block. But now... not anymore.
I am using "Direct Admin" to do a "System Backup". I do see the right port and IP address in the sshd_config file.
How can I fix this? I cannot log in to the server anymore; however, I am going to the datacenter tomorrow.
OS: CentOS
Installed firewall / protection: APF + BFD
Control Panel: Direct Admin
[url]
[url]
One of my users posted this in the forum saying my server is scanning his computer. Is this serious? Do I have a virus? Should I be worried? Well, I am kind of worried. I tried googling it, but I can't seem to figure out the right keywords for a good result.
So I have a client using WordPress 3.6, so the scan does little good.
I updated WordPress to 4.1.1 and did the scan again. Plesk still cannot find the updated install of WP?
I have written up a simple shell script on my Windows desktop.
After I upload the file via FTP and run it as root, it doesn't run properly.
any file i copy over will end up in "
" ..nothing else.
Why is this happening?
Should I write all my code on the server instead?
My server is under attack by a shell.
How can I find shell code on my server? (c99 ...)
Is there any antivirus or open source tool to find it?
How can I disable the shell function?
I have a spare dedicated machine.
I want to allow a user to run a few processes on the machine (Debian etch).
I configured limits in /etc/security/limits.conf for the group "shell".
When I added the user to the group shell, the limits work well, but he can still look
everywhere on the system (he can do cat /home/somefile.txt, even if owned by root).
Is there any method or software to limit users to access only their home directories?
For security reasons I have these PHP functions disabled:
show_source, system, shell_exec, exec, popen, proc_open, procopen, passthru
Can anyone please tell me whether it will prevent shell scripts from working?
They can still upload the shells but can't read/write/execute commands in 777 directories?
I'm having a problem connecting to SSH/Shell on my server. I get the login prompt, but when I enter the user/pass I just get "SSH-2.0-OpenSSH_3.6.1p2"; everything under that is blank.
I've restarted the SSH server and made sure the account I was using was set to use Normal Shell (not jailed). What could be the problem?
I was wondering if it were possible to chmod a directory that is set to a low number to 777 using a shell or command, and if so, can anyone point me in the right direction as to how to go about doing so? I am trying to learn a little and I prefer using my browser to edit files rather than an FTP client.
I was just wondering if anyone is aware of Linux VPS or shell account providers with servers that are physically located in Pennsylvania. The only two I've come across so far are Nocster and VPS Village.
I keep seeing web hosts where it says that there is/isn't shell access, etc. What's shell access and what do you do with it in/with a web host?