  1. #1521
    Join Date
    Nov 2010
    Location
    Orlando, Florida
    Posts
    88
    Steven,

    Nope, I didn't stick that in there -- in fact that server was compromised.

    I'm in the process of rebuilding it as we speak.

    Not just for this thing, but also for the Heartbleed issue that was found a bit ago as well (my SSL cert may have been compromised as well so I need to re-issue).

    Thanks for identifying that buddy. :-)

    I removed the script as well.
    Server Security | Disaster Planning | PCI Compliance | Virtualization

    http://www.ericgillette.com
    800-665-2370

  2. #1522
    Join Date
    Aug 2010
    Posts
    231
    Hi,

    Found this thread again accidentally. Wow: it's still active.

    We were infected on 2 servers 2-3 years ago by this **it.

    cPanel support proxy infected us.

    ...we've been told by cPanel a couple of times there was no sure way to remove this malware.

    I would perform a complete reinstall even if there is a "removal" tool.

    I'm surprised nobody has patched the security hole that allowed this file to get there yet, after all this time! ...or it's patched and I don't know?

    I remember we were one of the first customers who reported this problem to cPanel.

    The day after, cPanel confirmed the security issue by email, to all their customers.
    Last edited by martin33; 11-06-2014 at 04:13 AM.

  3. #1523
    Join Date
    Aug 2010
    Posts
    231
    Quote: Originally Posted by o-dog
    cPanel were working on a ticket and they (and me) were surprised one of the servers was brute forcing the DNS Only server (and locking itself out).

    This was back in October/November!!

    Seems it has been rolling around for a very long time.

    In addition to not giving root passwords to vendors over the internet *doh*, and aside from SSH keys, different SSH ports, CSF+LFD, is there anything else that can reduce attack surface and reduce chances of being rooted again?
    Use CloudLinux

    ...and pray if you provide your ssh credentials to a third party

    I heard the Grsecurity Kernel is not vulnerable to this.

    1h.com products are vulnerable, since they protect against barely anything and only provide very old binaries. We got infected while using them. You need to protect the kernel first.

    Best option to go is CloudLinux on cPanel IMHO. I have not tried BetterLinux, but I'm not sure it would be beneficial for this kind of thing. Seems like it's working pretty much like 1h products.
    Last edited by martin33; 11-06-2014 at 04:21 AM.
