Csf :: System Exploit* Has Detected A Possible "Random JS Toolkit"

Oct 22, 2009

i update the cpanel and after that lfd fails all the time

ct 22 11:53:21 *** lfd[1653]: *System Exploit* has detected a possible "Random JS Toolkit" - Failed to create test directory /etc/csf/1: Disk quota exceeded

Oct 22 11:53:21 *** lfd[1653]: Error: Cannot open out file: Disk quota exceeded, at line 3780

Oct 22 11:53:21 *** lfd[1653]: daemon stopped

Oct 22 11:53:26 *** lfd[30079]: Error: pid mismatch or missing, at line 589

Oct 22 11:53:26 *** lfd[30079]: daemon stopped

Which can be the issue you think ?

Ip tables in my case all of them they are correct

Even if i restart the virtual its working properly for a while and after that fails

View 9 Replies


ADVERTISEMENT

Lfd: System Exploit Checking Detected A Possible Compromise

Apr 29, 2008

I always recieve this email: from lfd

Time: Tue Apr 29 03:40:13 2008

Possible detection of "Random JS Toolkit"
Failed to create test directory /etc/csf/1: No space left on device:

See [url] for more information

I do this to test if my server is infected:

mkdir /home/1

it created without any problems

and I used tcpdump and I got this:

<script type="text/javascript" src='jscripts/ips_ipsclass.js'></script>
<script type="text/javascript" src='jscripts/ipb_global.js'></script>
<script type="text/javascript" src='cache/lang_cache/en/lang_javascript.js'></script>
<script type="text/javascript" src='jscripts/ips_xmlhttprequest.js'></script>
<script type="text/javascript" src='jscripts/ipb_global_xmlenhanced.js'></script>

is that mean the server is infected? but these scripts are for the IPB forum board so why I still recieve this email?

View 10 Replies View Related

Plesk 11.x / Linux :: File System Loop Detected

Sep 19, 2012

I do not know how this happened though. When I use find command on shell, I got the following error.

find: File system loop detected; `/var/named/chroot/var/named' is part of the same file system loop as `/var/named'.

It is minimal CentOS6.3 install with plesk 11.

View 15 Replies View Related

Plesk 12.x / Linux :: File System Loop Detected

Jun 28, 2015

in CENTOS 6.6 / PLESK 12 when I use the find command I get this notice:find: File system loop detected; "/var/named/chroot/var/named" is part of the same file system loop as "/var/named".

View 2 Replies View Related

Shell DNS Toolkit?

May 27, 2008

Is there a such thing? I use shell mainly for whois info, tracing, telnet for email issues, etc etc. Is there a 'toolkit' for such things?

View 6 Replies View Related

Supports Mod_perl And Template Toolkit

Aug 23, 2008

web host that offers a shared hotsing account that allows users to install or already have installled perl modules like mod_perl and template toolkit using cpanel.

View 4 Replies View Related

Plesk 12.x / Linux :: Where Does WP Toolkit Name Field Value Come From

Feb 4, 2015

Where does Plesk-12(Linux) WP Toolkit find the value for the "Name" field in the Toolkit display?

View 10 Replies View Related

Plesk 12.x / Linux :: WP Toolkit Email Notifications

Jan 23, 2015

I'd like to know if there's any way to stop notifications for updates from WP Toolkit. I didn't find anything in settings

View 2 Replies View Related

Plesk 12.x / Linux :: Wordpress Toolkit Error

Jun 27, 2014

When I visit the Wordpress Toolkit page on one of my servers I get the following error...Internal error: Specified column "name" is not in the row

MessageSpecified column "name" is not in the row
File Abstract.php
Line179
TypeZend_Db_Table_Row_Exception
Go To Previous Page

This server appeard to upgrade successfully, and has the relevant tools installed with no errors on apt-get.Perhaps removing and re-installing the wordpress toolkit will work?

View 2 Replies View Related

15 POSSIBLE Trojan Detected WHM

Aug 3, 2007

i have an site on my server when i open it the kaspersky anti viruss detect there is an trojan in this site .. ( see the picture in the attachment )

and i checked the server from the whm and there is result 15 POSSIBLE Trojans Detected

How i can solve this ?? and remove this trojans .

View 14 Replies View Related

4 G RAM Not Detected By Fedora 7

Nov 27, 2007

We recently setup a server with 4 gigs of RAM and installed Fedora core 7 32-bit version in it. After installing the OS, I have found that Fedora is able to detect only 2 GB and not 4 GB of RAM. I installed the kernel-PAE and kernel-PAE-devel modules and restart the server and made sure that the the OS with the PAE switch starts at boot time. However, the OS still does not detect the 4 GB RAM. Any idea what else can be done apart from installing the 64-bit OS in the system?

View 14 Replies View Related

Plesk 12.x / Linux :: Hide / Remove WordPress Toolkit

Jan 23, 2015

Is it possible to completely remove the WordPress Toolkit.

Or at least to remove the button from the Basemenü at "Server Management"->"WordPress" ....

View 2 Replies View Related

Plesk 12.x / Linux :: How To Disable Or Uninstall WordPress Toolkit

Jul 14, 2014

Is it possible disable or uninstall 'WordPress Toolkit' for Plesk 12.x?

View 2 Replies View Related

Plesk 12.x / Linux :: Wordpress Toolkit - Decoding Failed

Nov 26, 2014

My Wordpress Toolkit stops showing the Wordpress Installations.

Instead of that, is showing a yellow sign with the following error:

"Decoding failed: Syntax error"

I found this [URL] ... but it did not work for me.

I decided to reinstall several times my Wordpress site using my Wordpress backup.

The Wordpress installation using the Toolkit works fine, however, when I update Wordpress (core, plugins or theme) within my Wordpress dashboard, the Plesk's Wordpress Toolkit keeps saying there are still updates pending. Also I noticed that if I change the site's name in my Wordpress dashboard, the Plesk Wordpress Toolkit keeps showing the old one. (same happens with languages)

Although my website is working fine, after a while, not matter if I update or not my Wordpress site using the Toolkit, eventually I receive the "Decoding failed: Syntax error" in my Plesk panel.

Plesk version 12.0.18 Update #24, Centos 6.6 Final

View 2 Replies View Related

Plesk 12.x / Linux :: WP-toolkit Is Unable To Update Installations

Nov 4, 2014

WP-toolkit is unable to update WP-installations. The error is obviously due to user rights of the WP-toolkit compared to vhost user rights compared to file rights.

The error:
The WordPress plugins were updated with errors:Installation "My CMS": Warning: Could not remove the old plugin. {"err_code":0,"err_message":"Updated 0/1 plugins."}

Configuration:
- nginx and apache
- nginx processes php files via php-fpm

How do I set user rights or what has to be configured to have the WP-toolbox work again?

View 8 Replies View Related

No Filesystems With Quota Detected.

Dec 9, 2007

Just installed fresh centos 5 / cpanel and now I get this:

No filesystems with quota detected.

[root@server scripts]# quotacheck -avugm
quotacheck: Can't find filesystem to check or filesystem not mounted with quota option.

Code:

[root@server scripts]# /scripts/initquotas
Quotas are now on
Updating Quota Files......
quotacheck: Can't find filesystem to check or filesystem not mounted with quota option.

quotacheck: Can't find filesystem to check or filesystem not mounted with quota option.

....Done

How do I fix this?

Code:
LABEL=/1 / ext3 defaults,usrquota 1 1
LABEL=/boot1 /boot ext3 defaults 1 2
devpts /dev/pts devpts gid=5,mode=620 0 0
tmpfs /dev/shm tmpfs defaults 0 0
proc /proc proc defaults 0 0
sysfs /sys sysfs defaults 0 0
LABEL=SWAP-sda2 swap swap defaults 0 0

View 1 Replies View Related

Windows Doesnt Detected All 4GB RAM

Jun 15, 2007

I am using Windows 2003 Enterprise Edition SP1 and i have recently set the computer up to 4GB RAM. I notice a problem occur error :

When I start the computer, Bios detected all 4GB Ram. However, i have checked Total physical memory in General (My Computer-> Properties) doesnot detect all 4GB Ram. it only detect 3GB Ram.

I have checked that this OS support up to 32GB . Why it doesn't detect all 4GB ?
What happen to it?

Mainboard : Intel chipset 915GL

I did following the instruction in internet (exactly is Microsoft) is /PAE in boot.ini file. But, it doesnt work.

View 8 Replies View Related

Plesk 12.x / Linux :: Wordpress Toolkit Complaining That PHP Version Is Not 5.3 Or Higher

Feb 5, 2015

We are trying to use the new Wordpress toolkit, but when we try to install an instance it says this:

Contact your service provider for assistance. Upgrade the system PHP CLI to version 5.3.0 or later, or set the correct path to the PHP CLI in the clipath option of the php_handler utility for a custom PHP handler.

Screenshot:

Now that would not be a problem if the requirements were not met, but there are installed PHP versions that are higher than 5.3 and the website is configured to us these versions...

# /usr/local/psa/bin/php_handler --list
id: display name: full version: version: type: cgi-bin: php-cli: php.ini: custom:
2 5.5.14 5.5.14 5.5 fastcgi /usr/local/php5514-cgi/bin/php-cgi /usr/local/php5514-cgi/bin/php /usr/local/php5514-cgi/etc/php.ini true
3 5.3.29 5.3.29 5.3 fastcgi /usr/local/php5329-cgi/bin/php-cgi /usr/local/php5329-cgi/bin/php /usr/local/php5329-cgi/etc/php.ini true
cgi 5.2.17 5.2.17 5 cgi /usr/bin/php-cgi /etc/php.ini false
fastcgi 5.2.17 5.2.17 5 fastcgi /usr/bin/php-cgi /etc/php.ini false
module 5.2.17 5.2.17 5 module /usr/bin/php-cgi /etc/php.ini false

The website is using this version, and the PHP CLI is defined in the php_handler tool

I must be missing something obvious.

View 8 Replies View Related

Plesk 12.x / Linux :: Wordpress Toolkit Parse Error - Cannot Connect To DB

Apr 21, 2015

I have over 5 WP installations on my Server and i installed all manual and had never issues.

Now i installed a again a WP Site and after i go to the Wordpress Toolkit to search for the new installation i got the following Message:

PHP Parse error: syntax error, unexpected '?' in /usr/share/plesk-wp-cli/php/wp-cli.php(23) : eval()'d code on line 1 {"err_code":0,"err_message":"

With error cannot connect to DB.

So all WP installations are running fine instead of the new one.... I didn't change any configs files of PHP all is standard, the wp-config.php is correct, the Site is running fine.

From my point of view is this an issue by Plesk due to Parse error message at the files of Plesk, see error message!

System:
OS Debian 7.8
Plesk Version 12.0.18 Update #43, zuletzt aktualisiert: 20. April 2015 13:17:36

I know with an older Version of Plesk 12.0.18 it was working fine too, so the bug was implemented with a MU.

I checked the file as well and find out that at all PHP files the code is not closed at the end so the "?>" is always missing. 

View 4 Replies View Related

Plesk 12.x / Linux :: Cannot Upgrade Plugins Through Wordpress Toolkit After Migration

Oct 14, 2014

I'm struggling to find the problem why the wordpress toolkit will not update plugins/wordpress/themes. I'm getting this error:

The WordPress plugins were updated with errors:

Installation "Multirotor Photo's": Warning: Could not create directory. {"err_code":0,"err_message":"Updated 0/1 plugins."}

I recently migrated all domains from my old server to the new server using the plesk migration tool.
The configurations of the servers:

Old server: Ubuntu 12.04, Plesk 12.0.18, AMD Opteron , 8 GB RAM
New server: Ubuntu 14.04 LTS, Plesk 12.0.18, Intel Xeon, 8 GB RAM

View 6 Replies View Related

PHP/GIF Exploit

Jun 23, 2007

I read about a new exploit that imbeds PHP code in a GIF file:
[url]

How would that work exactly? Wouldn't a server have to be set up specifically to parse PHP code in gif files? Who would set up their server that way? Is there a way around that so you can remotely trick the server into parsing gif files as PHP code?

View 3 Replies View Related

New PHP Exploit

Sep 11, 2007

check this out [url]

That could do some damage, all someone would have to do is get shell on a site or be able to see config.php and then connect with that database and mass deface the server or put shells on other sites.

Anyone know of any way to prevent this?

View 14 Replies View Related

PHP Exploit

Nov 25, 2007

Just discovered a php exploit on a client's domain.

Found this in the access_log

[url]
=
[url]

Take a look at rmod.txt
[url]

then found this in a conf.txt in the /pearus/.bash folder

Quote:

statefile Infodll.state
connectionmethod direct
server animefox.no-ip.biz 6666
server animefox.no-ip.biz 6667
server animefox.no-ip.biz 6668
server animefox.no-ip.biz 6669
server animefox.no-ip.biz 7000
server animefox2.no-ip.biz 6666
server animefox2.no-ip.biz 6667
server animefox2.no-ip.biz 6668
server animefox2.no-ip.biz 6669
server animefox2.no-ip.biz 7000
server animefox.no-ip.biz 6666
server animefox.no-ip.biz 6667
server animefox.no-ip.biz 6668
server animefox.no-ip.biz 6669
server animefox.no-ip.biz 7000
server animefox2.no-ip.biz 32000
server animefox2.no-ip.biz 40000
server animefox2.no-ip.biz 42000
server animefox2.no-ip.biz 44000
server animefox2.no-ip.biz 48000
channel ###Snake###
channel #PoIsOn_MuSiC
adminpass f2oL8zmnIG/CA
user_nick PoIsOn|MuSiC|030
#local_vhost 123.456.789.123
#tcprangestart 4000
#usenatip 123.456.789.123
user_realname ...::::9PoIsOn CrEw::::...
user_modes +ix
loginname r0x
slotsmax 10
queuesize 30
maxtransfersperperson 1
maxqueueditemsperperson 2
restrictlist yes
restrictprivlist no
restrictsend yes
restrictprivlistmsg Per la lista [url]
respondtochannelxdcc no
respondtochannellist no
headline 9,2 ..::4T11h0e 13B9e11S7t 4C11h9a8n7n8e7L 11O4f 11T7h4e 8W13o8r9l7D11::..
creditline 9,2 ..::4T11h0e 13B9e11S7t 4C11h9a8n7n8e7L 11O4f 11T7h4e 8W13o8r9l7D11::..
adminhost *!*@PoIsOn.CrEw
adminhost SilverFox!*@*.*
uploadhost *!*@PoIsOn.CrEw
uploadhost *!*@P.o.I.s.O.n
downloadhost *!*@*.*
hideos yes
filedir /home/httpd/vhosts/domain.com/httpdocs/pearus/.bash
uploaddir /home/httpd/vhosts/domain.com/httpdocs/pearus/.bash
#

contents of the .bash folder:

Quote:

-rw-r--r-- 1 apache apache 1729 Nov 23 11:44 conf.txt
-rwxr-xr-x 1 apache apache 214350 Nov 5 06:01 httpd
-rwxr-xr-x 1 apache apache 214382 Nov 5 06:01 httpd_chroot
-rw-r--r-- 1 apache apache 268 Nov 25 13:25 Infodll.state
-rw-r--r-- 1 apache apache 268 Nov 25 13:23 Infodll.state~
-rw-r--r-- 1 apache apache 268 Nov 19 06:12 mybot.state
-rw-r--r-- 1 apache apache 268 Nov 19 06:09 mybot.state~
-rw-r--r-- 1 apache apache 604160 Sep 23 09:07 Poi.tar
-rwxrwxrwx 1 apache apache 41 Nov 25 10:52 restart

Still trying to dig in some more to figure out how they were able to exploit
here's the first few lines of their blog.php

Quote:

<?php
session_cache_limiter('none');
session_start();
ob_start();
?>
<?php include_once("oneadmin/config.php");
include_once($path["docroot"]."common/session.php"); ?>

View 9 Replies View Related

Is This A New Exploit

Nov 29, 2007

several of our dedicated servers got hacked,(NOT rooted), but many of sites on each server got hacked.

after tracing the hacking process, we found that the hacker only put a "perl" file contain:


++++++++++cut here+++++++++
symlink("/link/to/victim/configs","/link/to/local/hacker/site");

+++++++++++cut here++++++++++++

and then we found many links of victim config files on the local hacker site!

all servers runing with:

-php 4.4.7
-centos 4.5
-cpanel

i tried to do the same way by a normal user, but i get the "Permission denied" error and i can not read the linked files!

so how can i prevent the function "symlink" from executing using perl?

is there any new exploit in php/perl?

View 8 Replies View Related

PHP Exploit

Nov 24, 2007

My provider sent me an abuse ticket with the message below. This is a cPanel server with 300 domains. How do I go about tracking down the problem? They can’t give me anymore information and I don’t know where else to look.

This ticket was automatically generated by the XXXXXXXXXXXXXX Network Protection System. An unusual amount of traffic has been detected involving your IP address xx.xx.xx.xx.

Details of the event follow:

3885: HTTP: PHP File Include Exploit

This filter detects an attempt to post the contents of an external script to a PHP application. This behavior is typical of a PHP file include vulnerability attack. This attack could allow an attacker to insert custom code into a variable that would be executed by all users of the vulnerable application.

View 6 Replies View Related

SMART Error (CurrentPendingSector) Detected

Sep 4, 2007

I got email notice about this:

Quote:

The following warning/error was logged by the smartd daemon:

Device: /dev/sdb, 1 Currently unreadable (pending) sectors

For details see host's SYSLOG (default: /var/log/messages).

Quote:

The following warning/error was logged by the smartd daemon:

Device: /dev/sdb, 1 Offline uncorrectable sectors

For details see host's SYSLOG (default: /var/log/messages).

It causes server crash and down.

View 3 Replies View Related

How To Make Sure Email Isn't Detected As Spam

Feb 8, 2008

I'm just working with my first dedicated server and also in the process of coding a new site. Anyway, I've gotten around to emailing users from scripts on my site (Java Servlet). Using Sendmail as the server (with default config) the emails are detected as spam by pretty much everything.

I'm looking for a complete list of things which need to be done to ensure an email isn't detected incorrectly as spam. I've read through various sites etc but haven't found a definitive list of things which should be done. I'm sure this would be helpful for other forum visitors too.


I'm NOT trying to send spam or anything like that but I haven't set up a dedicated server before.

View 9 Replies View Related

Genuine Mails Getting Detected As Spam

Aug 27, 2007

I am using Merak Mail server 8.0.3 (Windows). From past 2 - 3 days many of my users are complaining their genuine mails are going to spam. The value set for antispam is 5 i.e. if antispam value is above it is detected as spam else not spam.

But from past few days which ever genuine mail is detected as spam I have found an very uncommon thing in it. It shows '10.4 FH_HAS_X Has X: header'

The SpamAssassin table shows the following information:

Content analysis details: (16.34 points, 5.00 required)

pts rule name description
---- ---------------------- --------------------------------------------------
0.1 HTML_MESSAGE HTML included in message
0.1 HTML_TAG_EXISTS_TBODY HTML has "tbody" tag
2.2 DEAR_SOMETHING Contains 'Dear (something)'
2.4 BAYES_80 Bayesian spam probability is 80 to 90%
0.0 NO_RDNS2 Sending MTA has no reverse DNS
10.4 FH_HAS_X Has X: header
1.1 SARE_HEAD_MIME_INVALID SARE_HEAD_MIME_INVALID Invalid mime version
0.1 SARE_HEAD_HDR_XMS SARE_HEAD_HDR_XMS Message headers used whic

View 4 Replies View Related

E1000_clean_tx_irq: Detected Tx Unit Hang

Aug 11, 2007

in one of my CentOS 64bit, there is errors with NICs

NETDEV WATCHDOG: eth0: transmit timed out
e1000: eth0: e1000_watchdog_task: NIC Link is Up 100 Mbps Full Duplex
e1000: eth0: e1000_watchdog_task: 10/100 speed: disabling TSO
e1000: eth0: e1000_clean_tx_irq: Detected Tx Unit Hang
Tx Queue <0>
TDH <59>
TDT <5c>
next_to_use <5c>
next_to_clean <58>
buffer_info[next_to_clean]
time_stamp <1241628eb>
next_to_watch <59>
jiffies <124162eba>
next_to_watch.status <0>
e1000: eth0: e1000_clean_tx_irq: Detected Tx Unit Hang
Tx Queue <0>
TDH <59>
TDT <5c>
next_to_use <5c>
next_to_clean <58>
buffer_info[next_to_clean]
time_stamp <1241628eb>
next_to_watch <59>
jiffies <12416368a>
next_to_watch.status <0>

Is there any idea for fixing? It's SM PDSMI+ board. Kernel 2.6.9-55.0.2.ELsmp #1 SMP Tue Jun 26 14:14:47 EDT 2007 x86_64 x86_64 x86_64 GNU/Linux

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved