
10-18-2011, 06:57 PM
|
|
Web Hosting Master
|
|
Join Date: Jan 2002
Posts: 1,346
|
|
Hacking Sites on CPanel Server
Recently my web site got hacked. The hacker got access to another site hosted on the same server using SQL injection. He created a symlink, and using the symlink, he was able to hack many sites hosted on the server.
I have created a small PHP script to reproduce this.
{snip}
Anyone know a solution for this?
Thanks,
Yujin
Last edited by CD Burnt; 10-18-2011 at 07:30 PM.
Reason: code snip
|

10-18-2011, 07:32 PM
|
|
Community Liaison
|
|
Join Date: Jul 2001
Location: .INdiana
Posts: 2,202
|
|
don't give detailed instructions on how to hack.
__________________
Give me a ticket for an aeroplane
Ain't got time to take a fast train
|

10-18-2011, 07:45 PM
|
|
Aspiring Evangelist
|
|
Join Date: Aug 2009
Location: United Kingdom
Posts: 376
|
|
Quote:
Originally Posted by flashwebhost
Hacking Sites on CPanel Server
Recently my web site got hacked. The hacker got access to another site hosted on the same server using SQL injection. He created a symlink, and using the symlink, he was able to hack many sites hosted on the server.
I have created a small PHP script to reproduce this.
{snip}
Anyone know a solution for this?
Thanks,
Yujin
|
Get the server looked at and secured by a professional who knows what they are doing.
__________________
.
|

10-19-2011, 02:09 AM
|
|
Web Hosting Master
|
|
Join Date: Jan 2002
Posts: 1,346
|
|
Quote:
Originally Posted by CD Burnt
don't give detailed instructions on how to hack.
|
Hackers already know and are exploiting this.
Quote:
Originally Posted by Tom,
Get the server looked at and secured by a professional who knows what they are doing.
|
Try the script if you have a cPanel server and see if it works. I tried it on multiple cPanel servers and the exploit works.
|

10-19-2011, 02:10 AM
|
|
Web Hosting Master
|
|
Join Date: Jan 2002
Posts: 1,346
|
|
@CD Burnt, I see you removed the code. I want other cPanel server admins to know this.
|

10-19-2011, 03:08 AM
|
|
Community Liaison
|
|
Join Date: Jul 2001
Location: .INdiana
Posts: 2,202
|
|
open a helpdesk ticket, and let the WHT admins decide.
__________________
Give me a ticket for an aeroplane
Ain't got time to take a fast train
|

10-19-2011, 03:11 AM
|
|
Web Hosting Master
|
|
Join Date: Jan 2002
Posts: 1,346
|
|
No problem, I understand.
|

10-19-2011, 03:32 AM
|
|
Web Hosting Guru
|
|
Join Date: Apr 2010
Posts: 280
|
|
The symlink issue is apparently an Apache issue, not a cPanel one.
There is a long post about this issue right within the cPanel forums as well. So far, there have not been any ideal suggestions for securing against this attack. I have not rechecked today. This post is a good reminder for me to do so.
EDIT: Just checked the thread at cpanel.net, and nope, nothing yet.
__________________
Chris Walker
http://www.siterack.net
Shared Hosting / Master Reseller / Reseller / HostReady cPanel VPS / DynaServer Adjustable VPS
|

10-19-2011, 03:50 AM
|
|
Community Leader
|
|
Join Date: Jul 2002
Location: Tasmania, Australia
Posts: 31,979
|
|
Quote:
Originally Posted by flashwebhost
@CD Burnt, I see you removed the code. I want other cPanel server admins to know this.
|
If he hadn't, another mod would have. Why you would post an exploit for (potentially) millions to have access to, is beyond me.
|

10-19-2011, 04:00 AM
|
|
Web Hosting Master
|
|
Join Date: Jan 2002
Posts: 1,346
|
|
Quote:
Originally Posted by Siterack_net
The symlink issue is apparently an Apache issue, not a cPanel one.
|
I know it is Apache. But we all use Apache on cPanel servers.
Quote:
Originally Posted by anon-e-mouse
If he hadn't, another mod would have. Why you would post an exploit for (potentially) millions to have access to, is beyond me.
|
I understand that. But in underground forums this is freely shared and can be downloaded as a zip file (including the symlink, so n00bs can use it). So this is not new to hackers. But many server admins are not aware of this (I was thinking suPHP will solve the problem, and I am sure many other admins are thinking the same).
Last edited by flashwebhost; 10-19-2011 at 04:06 AM.
|

10-19-2011, 04:03 AM
|
|
Premium Member
|
|
Join Date: Mar 2002
Posts: 424
|
|
Quote:
Originally Posted by anon-e-mouse
If he hadn't, another mod would have. Why you would post an exploit for (potentially) millions to have access to, is beyond me.
|
So while other sites freely distribute this to their own members (some granted will be used for nasty purposes), we would rather keep the members of this forum in the dark?
Not sure how I feel about that, will have to think on that...
__________________
miniVPS - UK/EU Value and Premium VPS Servers!
miniVPN - UK/EU Personal VPN Service. - Coming Soon!
Xavvo.com Innovative Hosting for Innovative People!
|

10-19-2011, 04:05 AM
|
|
Platinum quality
|
|
Join Date: Jul 2005
Location: New Jersey, US
Posts: 1,295
|
|
Since most scripts use many legit functions to do the exploit, it's hard to prevent against common script attacks without disabling almost every function. But you have to first think, how would someone get that hack script into the server to run it? The key is to prevent them from getting in to the server in the first place.
If it is a customer that wants to upload a hack and run it, it's very hard to secure against this. They already have a username/password and full access to upload anything they want and already have access to see all the server specs/versions/etc. You should carefully review and verify any customers you add and watch for any suspicious customers and do not give unnecessary access like ssh.
Now assuming none of your customers are trying to hack you, then there are several easy ways of protecting against a remote hacker from entering your server and uploading a hack script like this. Most commonly software like a firewall, modsecurity, etc., and upgrading all freeware regularly will stop most hacks from entering.
__________________
PlatinumServerManagement (also known as PSM)
The OLDEST and LARGEST server management provider in the USA, with 15+ employees and growing!
Providing quality support for OVER 14 years! Currently supporting over 3,000 servers monthly!
www.PlatinumServerManagement.com Proud member of the NJ BBB & Chamber of Commerce, and Authorized Cpanel Partner.
Last edited by ServerManagement; 10-19-2011 at 04:08 AM.
|

10-19-2011, 04:12 AM
|
|
Web Hosting Master
|
|
Join Date: Jan 2002
Posts: 1,346
|
|
Quote:
Originally Posted by ServerManagement
But you have to first think, how would someone get that hack script into the server to run it?
|
On shared hosting, users run old scripts. It is not easy to force everyone to update to the latest version. Many are lazy.
Also, a hacker can purchase a hosting account with a hacked credit card/PayPal.
|

10-19-2011, 04:38 AM
|
|
Platinum quality
|
|
Join Date: Jul 2005
Location: New Jersey, US
Posts: 1,295
|
|
Quote:
Originally Posted by flashwebhost
On shared hosting, users run old scripts. It is not easy to force everyone to update to the latest version. Many are lazy.
|
That's very true, but just because it is hard to do, doesn't mean it should be disregarded as an invalid solution. The fact is that 99% of hacks come from outdated scripts. So don't just disregard it because it's not easy. This should be the main focus of all hosts.
Quote:
Originally Posted by flashwebhost
Also, a hacker can purchase a hosting account with a hacked credit card/PayPal.
|
That's also true, but that is why I said you have to verify your customers. Simply doing just a manual phone verification will eliminate probably 90% of fraud.
Just because the solutions are not easy, does not mean that there are not solutions. The topic here was how to stop these hacks, so I explained how. The reality is that one hacker can cause you to lose all of your customers. So sure it will take time to prevent it, such as monitoring, research, etc., but it is well worth it.
__________________
PlatinumServerManagement (also known as PSM)
The OLDEST and LARGEST server management provider in the USA, with 15+ employees and growing!
Providing quality support for OVER 14 years! Currently supporting over 3,000 servers monthly!
www.PlatinumServerManagement.com Proud member of the NJ BBB & Chamber of Commerce, and Authorized Cpanel Partner.
|

10-19-2011, 04:57 AM
|
|
Web Hosting Guru
|
|
Join Date: Aug 2011
Location: India
Posts: 280
|
|
A general solution to hacked sites is not possible. There can be multiple reasons for a site hack. The detection and the resolution require a deep-level analysis of logs, and it is always better to have a good system admin look into the issue.
__________________
Fred Bruner
Business Analyst
SupportSages.com- Bytes of Wisdom @ Work - Where guarantees and promises are made to keep!
24/7 Support with 15 mins response time & no charge guarantees
|
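For the symlink technique discussed in this thread, an admin-side audit, added here as an example that is not from any poster: it walks each account's home directory and flags symlinks whose target resolves outside that home or belongs to a different uid than the link. The one-directory-per-account layout, the function names and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

def audit_symlinks(home_root):
    """Flag symlinks under each account's home that resolve outside that home
    or to a file owned by a different uid than the link itself."""
    findings = []
    for account in sorted(os.listdir(home_root)):
        home = os.path.realpath(os.path.join(home_root, account))
        if not os.path.isdir(home):
            continue
        # followlinks=False: never descend through a symlinked directory.
        for dirpath, dirnames, filenames in os.walk(home, followlinks=False):
            for name in sorted(dirnames + filenames):
                link = os.path.join(dirpath, name)
                if not os.path.islink(link):
                    continue
                target = os.path.realpath(link)
                outside = os.path.commonpath([home, target]) != home
                try:
                    mismatch = os.stat(target).st_uid != os.lstat(link).st_uid
                except OSError:  # dangling link: nothing to compare
                    mismatch = False
                if outside or mismatch:
                    findings.append({"account": account, "link": link,
                                     "target": target, "outside_home": outside,
                                     "owner_mismatch": mismatch})
    return findings

def build_sample_tree():
    """Constructed sample: two accounts, one benign link, one cross-account link."""
    root = os.path.realpath(tempfile.mkdtemp(prefix="homes-"))
    for user in ("alice", "bob"):
        os.makedirs(os.path.join(root, user, "public_html"))
    secret = os.path.join(root, "bob", "public_html", "config.php")
    index = os.path.join(root, "alice", "public_html", "index.php")
    for path in (secret, index):
        with open(path, "w") as fh:
            fh.write("<?php // constructed placeholder\n")
    web = os.path.join(root, "alice", "public_html")
    os.symlink(index, os.path.join(web, "home.php"))    # stays inside alice
    os.symlink(secret, os.path.join(web, "notes.txt"))  # crosses into bob
    return root

if __name__ == "__main__":
    for f in audit_symlinks(build_sample_tree()):
        print(f["account"], f["link"], "->", f["target"])
```

On a real server the uid comparison matters as much as the path check, since a link can stay inside a home directory and still point at a file another account owns.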