C99shell Disable PHP Scripts?
Sep 3, 2007
the biggest security issue i have with my clients is php c99 shell and similar php files, somehow these files uploaded on the website and from here they start attacking the websites.
i have seen also that once you upload the c99 php file you are able to see the accounts information ( such as a user name ) on the same server
so is there any way to disable this kind of php file or at least disable some function within the file!
i have been thinking to install and run a antivirus on the server , but i see sometimes they upload the encrypted version of the file , so the antirus can't catch the file as a torjan!
View 14 Replies
ADVERTISEMENT
Jul 13, 2008
Recently my site was defaced, (i own a dedicated server), my server was not touched, but one of the applications I used on the site was exploited to gain access to it.
I have noticed 4 or 5 c99 shells in different locations on my ftp. The site is back online, but it's definitely possible that they have one of these hidden somewhere and that they'll just do it again. I am using cent os 5
How can I easily search for these on my box? Can I disable their functionality? is there setting I can use in htaccess or something to make my website safer? I visited one of the scripts, and it said SAFEMODE OFF, how can I at least enable safemode?
I don't know much of anything about linux, but I am running cpanel and WHM. I have a guy who manages my box but he is hard to get a hold of sometimes, and I'd like to take care of this ASAP!
View 6 Replies
View Related
Aug 15, 2008
how i can detect and disable C99 shell and another shell script exp:r57 ....
View 9 Replies
View Related
Jul 30, 2009
I found these folders in the root
/usr/bin/c99
/usr/include/boost/numeric/interval/detail/c99_rounding_control.hpp
/usr/include/boost/numeric/interval/detail/c99sub_rounding_control.hpp
what are these ? is it normal folders ? or somebody hacked our server?
what shall I do?
View 10 Replies
View Related
Jul 1, 2009
I just installed zen cart on my webhosting and after few days later i saw some file written like core1405.php and when i open to view the file it is actually trojan c99shell.
I have deleted all of the core file. Now how can i prevent it from happen again? Cause it is too much work to clean up the hosting server.
View 14 Replies
View Related
Nov 5, 2009
How to stops the scripts like c99 shell from installing into the server?
View 1 Replies
View Related
Jun 5, 2007
I installed modsecurity from Addone module in Cpanel
When I try to apply phpshell woork good without a mistakes and I can do anything despite of the presence of protection modsecurity and disable_functions in php.ini.
Is there a particular settings add to the httpd.conf to prevent application phpshell or prevent upload it to the site?
View 14 Replies
View Related
Jun 25, 2007
guys im tired off fighting those hackers everyday! i have about 20 websites,and everyday i have one of them hacked! i restore a backup then another one hacked!
thats unbelivable!!!
those bastards upload there shell scripts to websites via bugs or whatever from php files!!
is there anyway to stop these commands?
can .htaccess helps? how?
i talked to my webhosting companies for my websites! ....
View 10 Replies
View Related
Oct 3, 2007
i want to prevent c99shell scripts from running.
I found this rule to detect URI's for the c99 shell.
#new kit
SecFilterSelective REQUEST_URI "/c99shell.txt"
SecFilterSelective REQUEST_URI "/c99.txt?"
My problem is that the hackers are being more stealthy and calling the
script some random name like .../myphpstuff.php. So the URI no longer helps detect it.
How could I detect "c99shell" in the actual file that apache servers? This assumes that the hacker was successfully in installing it.
my box
Apache 1.3.37
WHM 11.2.0 cPanel 11.11.0-R16983
FEDORA 5 i686 - WHM X v3.1.0
View 3 Replies
View Related
Oct 19, 2007
Is there a way to stop them totally? i.e. even though they are successfully uploaded but I do not want the source to be available to them etc.?
I mean, is there a way to hide or not allow them to execute any shell?
View 7 Replies
View Related
Sep 1, 2008
I have few scripts, but hackers again upload at some way c99, and hack some SMF forums at server. Server like server they cannot hack, but user account they can. So please tell me what you advice?
View 6 Replies
View Related
Oct 20, 2008
Our security comlience test got failed due to following reason
Synopsis:
The remote service encrypts traffic using a protocol with known weaknesses.
Description:
The remote service accepts connections encrypted using SSL 2.0, which reportedly suffers from several cryptographic flaws and has been deprecated for several years. An attacker may be able to exploit these issues to conduct man-in-the-middle attacks or decrypt communications between the affected service and clients.
Solution:
Consult the application's documentation to disable SSL 2.0 and use SSL 3.0 or TLS 1.0 instead. See for Apache.
We have Cpanel RHEL server. Please advise how to:
'disable SSL 2.0 and use SSL 3.0 or TLS 1.0 instead. See for Apache.'
View 12 Replies
View Related
Feb 20, 2008
RBL is blocking every incoming email. While waiting for the admin. How to disable it?
View 3 Replies
View Related
May 11, 2008
I can stop Dr Web from within Plesk Control panel, but every time server restarts - Dr Web is automatically started again.
Any possible way to disable it from running?
Also the same with Spam Assassin.
I am running CentOS
View 0 Replies
View Related
Nov 6, 2007
I would like to disable SSL 2.0 and use SSL 3.0, my question how i can do this and which file i have to modify or i have to upgrade from SSL 2.0 to SSL 3.0 ?
View 2 Replies
View Related
Jun 10, 2009
I've seen for securing PHP recommends putting parse_ini_file() in the disable_functions line in php.ini but I cannot find an exact reason why. This being disabled is causing an error message to appear on some of my users sites but I'm trying to find a clear cut reason why it is disabled.
View 12 Replies
View Related
Mar 19, 2008
How can I disable clamav on cpanel server and make sure that it's not running
because when clamav is running the outlook is not working so I have to restart clamav every time.
View 6 Replies
View Related
Oct 25, 2009
is it possible to disable log rotate? I can't seem to find the cron under my weeklys or dailys nor monthlys unless it's named "mad-db" but is there a way to make it say yearly? or just disable it all together? I say this because the script I use has a function already to clear the logs and when log rotate runs it kills all processes going by the script
View 8 Replies
View Related
Apr 17, 2009
when some one upload and load files with phpinfo()
he can see our server PHP Configuration.
how can us disable phpinfo()?
View 13 Replies
View Related
May 24, 2009
I have disabled auditd
Code:
root@server48 [~]# chkconfig --list |grep audit
root@server48 [~]# rpm -qa|grep audit
audit-libs-1.7.7-6.el5_3.3
audit-libs-1.7.7-6.el5_3.3
audit-libs-python-1.7.7-6.el5_3.3
root@server48 [~]# lsmod |grep audit
root@server48 [~]#
root@server48 [~]# ps aux|grep audit
root 532 0.0 0.0 0 0 ? S< May17 0:00 [kauditd]
root 20690 0.0 0.0 61180 740 pts/0 R+ 06:12 0:00 grep audit
root@server48 [~]#
I still get audit on /var/log/messages
Quote:
May 24 06:10:01 server48 kernel: type=1101 audit(1243163401.625:179651): user pid=19715 uid=0 auid=0 msg='PAM: accounting acct="root" : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
May 24 06:10:01 server48 kernel: type=1101 audit(1243163401.716:179652): user pid=19716 uid=0 auid=0 msg='PAM: accounting acct="youtubet" : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
May 24 06:10:02 server48 kernel: type=1101 audit(1243163402.087:179656): user pid=19719 uid=0 auid=0 msg='PAM: accounting acct="vidzboxc" : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
How do i disable auditd completely?
View 1 Replies
View Related
Jul 18, 2009
any one can apply php scripts under cpanel like:
domain.com:2082/scripts.php
I have run phpinfo for looking for cpanel php.ini I have
Configuration File (php.ini) Path /usr/local/cpanel/3rdparty/etc
I renamed /usr/local/cpanel/3rdparty/etc to /usr/local/cpanel/3rdparty/etc.OLD
then restart the server I am still get cpanel php work and phpinfo give :
Configuration File (php.ini) Path /usr/local/cpanel/3rdparty/etc
how to disable cpanel php to prevent some one exploit php to hacking my server?
View 5 Replies
View Related
Apr 9, 2009
i wanna disable the backup from cpanel for one user only
how i can do that?
i wont him take full backup from the cpanle.
View 4 Replies
View Related
Apr 13, 2008
I've a VPS to run my only one website. As I don't use ftp, I'd like to know how to disable it.
I tried WHM -> Service Configuration -> Service Manager, then uncheck ftpd, but it's still there
View 6 Replies
View Related
Jul 29, 2008
I want to disable WHM/Cpanel.because client purchase dedicate server from us and he want to access from command line and no WHM/Cpanel so how can i do it and it will be effect on any service because i have installed all the service like dns, exim and http from WHM.
View 3 Replies
View Related
May 7, 2008
How can i disable some words from the contain of the page by Mod_Security2?
View 6 Replies
View Related
Oct 30, 2008
Does is possible to disable ftp capabilities of several websites run by cron at some specified time of the day? then re-enable it automatical at a certain time also?
View 7 Replies
View Related
Dec 5, 2008
I installed APF/BFD a log time ago on my centos server and have had no problems up until now.
Approx 3 days ago, the server was uncontactable by SSH/HTTP/FTP. So I ran a traceroute and the host confirmed the box was up with no problems.
He disabled IPTables and I was allowed in. Anyway, overnight, the same thing has happenned again.
I will have to SSH in from another IP however, my main question is how do I disable IPTables ? Or better still, how do I uninstall APF!
View 4 Replies
View Related
Feb 20, 2008
I got the problem with email running on my server.
That mean, I using my domain email service with other server. Now I hosted a website for this domain on one other server.
Note that the IP for domain and email domains are different (Using managed domain service)
But I got the problem now when email sending from the server (using php email function ) with the website running that will confusing, not sending anymore.
Don't know that you understand my case. But I want to stop email service for this domain on my server, all email just send and receive through other email server.
How can I setup or configure it through SSH?
View 3 Replies
View Related
Apr 9, 2007
I have placed .htaccess to block some ip, when the person ip matches, my server will gives this message "client denied by server configuration", got lots of them everday in my error log, how can I disable this message? I need other error log message but not this message, is there any way I can disable it?
using centos and plesk.
View 2 Replies
View Related
Apr 6, 2008
I have Apache 2.2 using cPanel 11 how do I disable apache I was sure it was using this cmd, /etc/httpd/conf/httpd.conf off When I try that I get permission denied and im logged in with root! I also tried this /etc/httpd/conf/httpd.conf chmod 777 permission denied again. Anyways, I need to disable Apache so LiteSpeed will work and I can dump Apache the unforgiven pos that will dos it recieves a request to visit a webpage. (That is over doing it, Apache is really good just if it gets hit it's down easy.)
View 9 Replies
View Related
Dec 3, 2008
It possible to disable the disable function for all user expect one account for running few application i need shell_exec, passthru, exec these so for other account it possible to disable it?
View 2 Replies
View Related
