Possible new kiddiescript worm by Q8Crackers
Has anyone seen a worm that displays this?
I'm dealing with an issue now where, once the customer logs into SquirrelMail, we see:
"Q8Crackers ownz your server"
Limited results on Google:
I did find one semi-informational website, but I'm not linking it since he has the code on his page.
Seems to possibly be a VBB worm on the website mentioned & in the Google link, but this customer's SquirrelMail was defaced. I'm trying to see how it got in now.
Have you tried checking the code in the directory? Someone should have either updated that, or must have changed the database.
Make sure that none of your users have cPanel root login or shell (bash) enabled on the server.
It is reliability
Not sure which area of WHM or cPanel you are referring to?
From the description of the website I found, it gets in through /tmp, but I can't SSH to the server and can't restart it via WHM.
Apparently, they do use vBulletin. I'm thinking that's how this worm got in.
Which version of vBulletin are they using?
They are hacking vBulletins using known bugs and some other PHP applications.
Search their name at zone-h.org and you'll know what I mean.
Turns out their yum mirror was not working (a GA Tech one), so they were running unpatched old versions of lots of software, including PHP.
I fixed the /etc/yum.conf mirror and then did /scripts/sysup and /scripts/upcp to get it up to date and they were ok.