  1. #1

    Possible new kiddiescript worm by Q8Crackers

    Has anyone seen a worm that displays this?

    I'm dealing with an issue now where, once the customer logs into SquirrelMail, we see:
    "Q8Crackers ownz your server"

    Limited results on Google:

    I did find one semi-informational website, but I'm not linking it since he has the code on his page.

    Seems to possibly be a VBB worm on the website mentioned & in the Google link, but this customer's SquirrelMail was defaced. I'm trying to see how it got in now.

  2. #2
    Have you tried checking the code in the directory? Someone should have either updated that, or must have changed the database.

    Make sure that none of your users have cPanel root login or shell (bash) enabled on the server.


  3. #3
    Not sure which area of WHM or cPanel you are referring to?

    From the description of the website I found, it gets in through /tmp, but I can't SSH to the server and can't restart it via WHM.

  4. #4
    Apparently, they do use vBulletin. I'm thinking that's how this worm got in.

  5. #5
    Which version of vBulletin are they using?

  6. #6
    They are hacking vBulletins using known bugs and some other PHP applications.

    Search their name at and you'll know what I mean.
    Bashar Al-Abdulhadi - KuwaitNET Internet Services Serving customers since 1997

  7. #7
    Turns out their yum mirror was not working (a GA Tech one), so they were running unpatched old versions of lots of software, including PHP.

    I fixed the /etc/yum.conf mirror and then did /scripts/sysup and /scripts/upcp to get it up to date and they were ok.
