Results 1 to 25 of 25
  1. #1
    Join Date
    Jun 2010
    Location
    Armenia
    Posts
    956

    help me to remove suspendedpage.cgi

    Hai folks,

    many of our client websites hacked and redirects to
    /cgi-sys/suspendedpage.cgi .

    * i try to remove the 301 redirects throught their cpanels 'redirects' applet, but i cant remove them even though cpanel tells redirect removed.

    * i check suspended accounts in WHM and there are no any suspeded accounts.

    * we have a shared reseller account.

    pls help me to remve this suspended pages.

  2. #2
    Join Date
    Mar 2005
    Location
    New York City
    Posts
    2,554
    Quote Originally Posted by kandyjet View Post
    Hai folks,

    many of our client websites hacked and redirects to
    /cgi-sys/suspendedpage.cgi .

    * i try to remove the 301 redirects throught their cpanels 'redirects' applet, but i cant remove them even though cpanel tells redirect removed.

    * i check suspended accounts in WHM and there are no any suspeded accounts.

    * we have a shared reseller account.

    pls help me to remve this suspended pages.
    That's not because they were hacked. It sounds like you're a reseller, or have just a single cPanel account. I would suggest getting in touch with your web host directly.
    Matthew Rosenblatt, and I do lots of things.
    MCSE, cPanel Certified, Asterisk Specialist.
    My company, BurstAV, specializes in A/V Systems Design as well as VOIP Hardware Sales.
    I also own ConcertCables. We build power/data cables for the entertainment industry.

  3. #3
    Join Date
    Jun 2010
    Location
    Armenia
    Posts
    956
    Quote Originally Posted by Matt R View Post
    That's not because they were hacked. It sounds like you're a reseller, or have just a single cPanel account. I would suggest getting in touch with your web host directly.
    indeed we are contated them, but no quick response from (just hxxt)them. so i just tried to remove few of urgent clients site redirects manaullay.

    Thanks for the answer matt.

  4. #4
    Join Date
    Jun 2010
    Location
    Armenia
    Posts
    956
    btw,
    those redirects lands in

    HACKED BY VENKI NYRO HACKER AND ICP
    Hey Admin Where iz Your Security
    PATCH UR ASS NOTHING DELETED
    We are:
    |INDIAN CYBER PIRATES|
    WE V'L B B4CK SOON
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Dear Admin Don't Hate Us...Hate Your Weakness.....!!!!!

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Web Site Has Been HaCkeD 4 ICP
    or
    Add Me
    email: HELL_BOY990@yahoo.com

  5. #5
    Join Date
    Feb 2012
    Location
    Memphis, TN
    Posts
    2,978
    Probably the old WHMCS exploit from last year if its a reseller account.
    hostingcove.com | Tennessee Based Hosting Provider.
    cPanel Shared & Reseller Hosting - Domain Names
    Join thousands of happy customers. Secure & Stable
    HeroicVPS Premium KVM VPS. Ashburn / Phoenix

  6. #6
    Join Date
    Jun 2010
    Location
    Armenia
    Posts
    956
    Quote Originally Posted by HC-Ro View Post
    Probably the old WHMCS exploit from last year if its a reseller account.
    ofcase, i see few fake accounts has been creted in the whmcs.
    but i have no licence key or anything to do an upgrate.
    we are shared resellers.

  7. #7
    Join Date
    Feb 2012
    Location
    Memphis, TN
    Posts
    2,978
    If you have a reseller account and WHMCS provided then you have a WHMCS account and can download any software release with your license. Of course you dont even need to sign in to download security patches.
    hostingcove.com | Tennessee Based Hosting Provider.
    cPanel Shared & Reseller Hosting - Domain Names
    Join thousands of happy customers. Secure & Stable
    HeroicVPS Premium KVM VPS. Ashburn / Phoenix

  8. #8
    Join Date
    Jun 2010
    Location
    Armenia
    Posts
    956
    Quote Originally Posted by HC-Ro View Post
    If you have a reseller account and WHMCS provided then you have a WHMCS account and can download any software release with your license. Of course you dont even need to sign in to download security patches.
    oh really i dont no this that we can downlod updates without licence key. great to know about this. thanks a bunch Ro..

  9. #9
    Join Date
    Feb 2012
    Location
    Memphis, TN
    Posts
    2,978
    No prob,

    You have a license key: admin/systemlicense.php Your WHMCS account is likely the same as your reseller account infromation but oyu may need to ask the provider.

    If it is the old security issue then I suggest upgrading or at least patching http://blog.whmcs.com/?t=43462
    hostingcove.com | Tennessee Based Hosting Provider.
    cPanel Shared & Reseller Hosting - Domain Names
    Join thousands of happy customers. Secure & Stable
    HeroicVPS Premium KVM VPS. Ashburn / Phoenix

  10. #10
    Join Date
    Jun 2010
    Location
    Armenia
    Posts
    956
    Quote Originally Posted by HC-Ro View Post
    No prob,

    You have a license key: admin/systemlicense.php Your WHMCS account is likely the same as your reseller account infromation but oyu may need to ask the provider.

    If it is the old security issue then I suggest upgrading or at least patching http://blog.whmcs.com/?t=43462
    its too late now. but glad to learn somthing about security.
    now all in our reseller provider's hand.
    when i execute the billing path all i see is

    -------
    <?php //00d4b
    // *************************************************************************
    // * *
    // * WHMCS - The Complete Client Management, Billing & Support Solution *
    // * Copyright (c) WHMCS Ltd. All Rights Reserved, *
    // * Release Date: 17th June 2011 *
    // * Version 4.5.2 *
    // * *
    // *************************************************************************
    // * *
    // * Email: info@whmcs.com *
    // * Website: http://www.whmcs.com *
    // * *
    // *************************************************************************
    // * *
    // * This software is furnished under a license and may be used and copied *
    // * only in accordance with the terms of such license and with the *
    // * inclusion of the above copyright notice. This software or any other *
    // * copies thereof may not be provided or otherwise made available to any *
    // * other person. No title to and ownership of the software is hereby *
    // * transferred. *
    // * *
    // * You may not reverse engineer, decompile, defeat license encryption *
    // * mechanisms, or disassemble this software product or software product *
    // * license. WHMCompleteSolution may terminate this license if you don't *
    // * comply with any of the terms and conditions set forth in our end user *
    // * license agreement (EULA). In such event, licensee agrees to return *
    // * licensor or destroy all copies of software upon termination of the *
    // * license. *
    // * *
    // * Please see the EULA file for the full End User License Agreement. *
    // * *
    // *************************************************************************
    if(!extension_loaded('ionCube Loader')){$__oc=strtolower(substr(php_uname(),0,3));$__ln='ioncube_loader_'.$__oc.'_'.substr(phpversion(),0,3).(($__oc=='win')?'.dll':'.so');@dl($__ln );if(function_exists('_il_exec')){return _il_exec();}$__ln='/ioncube/'.$__ln;$__oid=$__id=realpath(ini_get('extension_dir'));$__here=dirname(__FILE__);if(strlen($__id)>1&&$__id[1]==':'){$__id=str_replace('\\','/',substr($__id,2));$__here=str_replace('\\','/',substr($__here,2));}$__rd=str_repeat('/..',substr_count($__id,'/')).$__here.'/';$__i=strlen($__rd);while($__i--){if($__rd[$__i]=='/'){$__lp=substr($__rd,0,$__i).$__ln;if(file_exists($__oid.$__lp)){$__ln=$__lp;break;}}}@dl($__ln);}else{die('The file '.__FILE__." is corrupted.\n");}if(function_exists('_il_exec')){return _il_exec();}echo('Site error: the file <b>'.__FILE__.'</b> requires the ionCube PHP Loader '.basename($__ln).' to be installed by the site administrator.');exit(199);
    ?>
    4+oV5E58YKNazN5gzPaSPgRv8bh0qfHuacHqr9MyrQ3lzA0TvgS4ZFeSkSUUmBGaG8HPgL9VzMf3
    trRTI2c0jIDw29BIb/4vv66kWL/GP8ZezMidB9VDlMnNpNKDNQ0UNmFiRCYDzwjAgr2SZf4Srn/4
    i6ci6ajgHvaG0ip43ldM6bpHyhTvD3HD48PZgeeXCnHsf+8WN9m9pMrTzpYUZpgZv9f70L0TdaF2
    d/FBO7Qg2uBy7ZLv2qqccEYIZl9jr0j6xOLhMg7LiAYwqyHtxyaLR7LVY8rN0wpXRV1zDQDW+ahA
    JnSNTuB2GnrrdbimjuQKjW+3gHW0NzM7tBH/FSNHq+9fkZdPI8C0O+5rTODn8Z8Q6UInFm4Mnis8
    mTRcZNM74BTNyknnOhkpiGIp7Xlnq6hXtt4ZN6JEe9/tBs9qRTa4LUkPyjBujbrmOnCSpwV+EYmZ
    WPJhnK+JVkgX9FlhYECeugR52aYR6W6Lae6mUNEAnUTG8HoYk7emV/tZU7Kds0Lm2rEccuF6k7jv
    5JWLUTKFn+i1hnT2GM1HVeA0x6a3QTdPr0Bem4i/NEeWneLC5hKcI99Gz6PPRosMj24pmcgDXul0
    bSwyJ5fWbvUIiQbi2B9W8bfqt7GjpcXgN/A/flXB2NH5Bwv+Adz+/pYsGBSF2G1AzupJn6QTT9iE
    LlCxZMPADy5tedV7cpx0jU+V0T8i28UES3kDVjl71yTtAnW9h44wK2I6uRRxxuuNa/2itfoIpu2t
    IUIzIkfZxkyFhwVrwhuvU5Lg671cysxObE+K+nnTj/OaNJ9VYekKD4qOpdRABlzAlVGprxEEuDFF...............

  11. #11
    Keep us updated please.

  12. #12
    Join Date
    Mar 2003
    Location
    Jaipur, India
    Posts
    632
    please check with your hosting provider if they have suspended it manually only they can unsuspended it or second thing please check your accounts file manger  public_html and find out if any cgi script lied in here.
    ZNetLive
    Web Hosting for Designers & Developers

  13. #13
    Join Date
    Nov 2010
    Location
    Las Vegas
    Posts
    490
    Yeah, check with your provider and always make sure your WHMCS installation is up to date. You may even want to change the admin directory so that it is a little harder to get to if someone tries to hack it.
    HostClearly.com
    HostClearly Web Hosting
    #WeAreYourBussinessPartner
    Shared, Reseller, and VPS Hosting since 2010!

  14. #14
    Join Date
    Mar 2009
    Location
    Miami, Florida
    Posts
    18,883
    Hello,
    You should also look in the .htaccess to see if there is a redirect there as well
    Keith I Myers
    CEO and Founder - RemoteRAM.com
    The world leader in Cloud Based RAM
    KMyers.me The rantings of a lunatic

  15. #15
    Join Date
    Jul 2003
    Location
    Michigan
    Posts
    288
    Yes check your .htaccess also look at your domain redirects in CPanel.

    ps: installing all the software you have, are you sure you CHMOD everything correctly to do your installs? and back after the installs?
    RackRhino Server Locations: MO, MI, NY, FL, UK
    Shared, Dedicated, Managed & Reseller.

  16. #16
    Join Date
    Jun 2010
    Location
    Armenia
    Posts
    956
    Hai folks,

    i contacted the hosting to remove the redirect and now i see in clients cpanel that the permenent redirect has been removed.
    but still it goes to defaultwebpage.cgi.

    * there is not .htaccess file
    * there is no cgi scripts in the public htm or in the cgi_bin folder.
    * but now i can manually execute like this www.clientwebsite.com/index.html and it works


  17. #17
    Join Date
    Mar 2009
    Location
    Miami, Florida
    Posts
    18,883
    Quote Originally Posted by kandyjet View Post
    Hai folks,

    i contacted the hosting to remove the redirect and now i see in clients cpanel that the permenent redirect has been removed.
    but still it goes to defaultwebpage.cgi.

    * there is not .htaccess file
    * there is no cgi scripts in the public htm or in the cgi_bin folder.
    * but now i can manually execute like this www.clientwebsite.com/index.html and it works

    See if there is an index.php file in the directory
    Keith I Myers
    CEO and Founder - RemoteRAM.com
    The world leader in Cloud Based RAM
    KMyers.me The rantings of a lunatic

  18. #18
    Join Date
    Jun 2010
    Location
    Armenia
    Posts
    956
    Quote Originally Posted by KMyers View Post
    See if there is an index.php file in the directory
    awesome!! no index.php found, so i uploaded a index.php file and now works charm what a relief

    Now i can ask my client to simply upload his index.php file. thanks to the hackers they have not deleted any other files

    THANK YOU GUYS FOR THE GREAT HELP!

  19. #19
    Join Date
    Mar 2009
    Location
    Miami, Florida
    Posts
    18,883
    See if there is a redirect script in the 404 error page
    Keith I Myers
    CEO and Founder - RemoteRAM.com
    The world leader in Cloud Based RAM
    KMyers.me The rantings of a lunatic

  20. #20
    Join Date
    Feb 2012
    Location
    Memphis, TN
    Posts
    2,978
    Is there a Suspended.page in the directory?
    hostingcove.com | Tennessee Based Hosting Provider.
    cPanel Shared & Reseller Hosting - Domain Names
    Join thousands of happy customers. Secure & Stable
    HeroicVPS Premium KVM VPS. Ashburn / Phoenix

  21. #21
    Join Date
    Jun 2010
    Location
    Armenia
    Posts
    956
    no folks, now i chk there is no Suspended.page or any redirects in the 404 error page..

  22. #22
    Join Date
    Mar 2003
    Location
    Jaipur, India
    Posts
    632
    Hi,

    This page store under /usr/local/cpanel/

    check this page and remove the coding, or overwrite it.
    ZNetLive
    Web Hosting for Designers & Developers

  23. #23
    Join Date
    Mar 2003
    Location
    Jaipur, India
    Posts
    632
    HI,

    If you are running a VPS, then you must check it under /usr/local/cpanel/

    check if any suspended-cgi script lied there.
    ZNetLive
    Web Hosting for Designers & Developers

  24. #24
    Join Date
    Mar 2009
    Location
    Miami, Florida
    Posts
    18,883
    Quote Originally Posted by znetindia View Post
    Hi,

    This page store under /usr/local/cpanel/

    check this page and remove the coding, or overwrite it.
    Quote Originally Posted by znetindia View Post
    HI,

    If you are running a VPS, then you must check it under /usr/local/cpanel/

    check if any suspended-cgi script lied there.
    I am not sure why you keep posting this, the OP Clearly stated

    "we have a shared reseller account."
    Keith I Myers
    CEO and Founder - RemoteRAM.com
    The world leader in Cloud Based RAM
    KMyers.me The rantings of a lunatic

  25. #25
    Join Date
    Feb 2006
    Posts
    4,150
    Quote Originally Posted by kandyjet View Post
    // * WHMCS - The Complete Client Management, Billing & Support Solution *
    // * Copyright (c) WHMCS Ltd. All Rights Reserved, *
    // * Release Date: 17th June 2011 *
    // * Version 4.5.2 *
    If your WHMcs install hasn't been patched, be sure to lock the installation (via file permissions or password protection) until the upgrade/patch has been completed. After the recent WHMcs breach there are more idiots than ever looking for outdated/insecure installs.
    WHMEasyBackup.com - Take Control Of Your Backups!
    Complete Backup Solution For WHM Reseller Accounts
    Download Trial

  26. Newsletters

    Subscribe Now & Get The WHT Quick Start Guide!

Similar Threads

  1. cgi execution problem ( not found for every file inside cgi-bin directories )
    By FarzinSB in forum Hosting Security and Technology
    Replies: 6
    Last Post: 05-19-2011, 10:53 AM
  2. Replies: 2
    Last Post: 03-11-2011, 03:39 AM
  3. remove empty folders and remove from a db
    By NWSTech in forum Hosting Security and Technology
    Replies: 0
    Last Post: 07-22-2009, 03:18 PM
  4. Can't remove a cgi script on root level..
    By jayzee in forum Hosting Security and Technology
    Replies: 1
    Last Post: 08-27-2005, 06:13 AM
  5. Undefined catalog: /~isonick/cgi-bin/cart.cgi
    By chicku in forum Hosting Security and Technology
    Replies: 2
    Last Post: 02-15-2003, 12:33 PM

Related Posts from theWHIR.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •