I started noticing high server loads so I ran the top command and found "ftp_scanner" running.
After contacting the DC we managed to track it down to one of my accounts; someone had managed to upload several scripts (HSBC phisher, cPanel cracker).
Anyway, I deleted the account, recreated it and re-uploaded only the necessary files.
The files uploaded by the hacker were only uploaded to two folders, both of which were folders used to upload images via our backend management script (password protected). Both folders were set to 777 permissions.
My question is: are the 777 permissions to blame, server security, the script itself (which was password protected and hidden away), or all 3?
I've always heavily secured my servers and never had an issue like this for 7+ years. Thankfully the cPanel cracker failed!
C program run. C program crash. C programmer quit.
You can avoid this type of vulnerability using the following:
1) Recompile PHP as suPHP (suPHP will not allow 777 permissions. 755 is enough for folders and 644 is enough for files. Also, all the .php files will be run only under the ownership of the user. Note that PHP variables can't be declared using the .htaccess file, but you can declare PHP variables using a custom php.ini.)
2) Enable suEXEC support for Apache
If you are using cPanel then you can easily achieve the above using the script (/scripts/easyapache). Confirm you have taken the necessary backups before proceeding with this.
Also, you should scan your server thoroughly and make sure no instances of the vulnerability are present.
SupportExpertz.com - the name says it all!
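An added example, not part of either post above: a shell audit for the two conditions this thread describes, world-writable (777) directories under a web root and script files sitting inside them, plus a reset to the 755/644 modes the reply recommends. The function names and the sample directory tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a web root for world-writable upload folders and
# script files dropped into them. Sample paths are constructed, not from the thread.

# Print directories under $1 that are world-writable (this includes mode 777).
find_world_writable_dirs() {
    find "$1" -type d -perm -0002 2>/dev/null | sort
}

# Print script files located directly inside world-writable directories under $1.
# An image upload folder should contain no server-executable file types.
find_scripts_in_writable_dirs() {
    find_world_writable_dirs "$1" | while IFS= read -r dir; do
        find "$dir" -maxdepth 1 -type f \
            \( -name '*.php' -o -name '*.phtml' -o -name '*.pl' \
               -o -name '*.cgi' -o -name '*.py' -o -name '*.sh' \)
    done | sort
}

# Reset to the modes the reply recommends under suPHP: 755 dirs, 644 files.
# This also clears execute bits on files, so review CGI scripts afterwards.
apply_suphp_modes() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Build a constructed sample docroot so the audit can be tried offline.
make_sample_docroot() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/public_html/uploads/images" "$root/public_html/admin"
    chmod 755 "$root" "$root/public_html" "$root/public_html/admin" \
              "$root/public_html/uploads"
    chmod 777 "$root/public_html/uploads/images"
    : > "$root/public_html/uploads/images/logo.png"
    : > "$root/public_html/uploads/images/dropped.php"  # stand-in for an uploaded script
    : > "$root/public_html/admin/upload.php"
    printf '%s\n' "$root"
}
```

Source the file and run `find_scripts_in_writable_dirs` against an account's document root; any output is a file to inspect before changing permissions, since its timestamps and owner are evidence of how it arrived.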