Results 1 to 5 of 5
  1. #1
    Join Date
    Apr 2005

    Malicious files uploaded

    I started noticing high server loads so I ran the top command and found "ftp_scanner" running.
    After contacting the DC we managed to track it down to one of my accounts, someone had managed to upload several scripts (hsbc phisher, cpanel cracker).
    Anyway I deleted the account, recreated and re-uploaded only the necessary files.

    The files uploaded by the hacker were only uploaded to two folders both of which were folders used to upload images via our backend management script (password protected). Both folders were set to 777 permissions.

    My question is: are the 777 permissions to blame, server security, the script itself which was password protected and hidden away or all 3?

    I've always heavily secured my servers and never had an issue like this for 7+ years, thankfully the cPanel cracker failed!
    C program run. C program crash. C programmer quit.

  2. #2
    Join Date
    Jul 2009
    First of 777 permissions allows everyone read,write,execute permissions which should be avoided at any cost and second use alpha numeric passwords which are difficult to hack.

  3. #3
    Join Date
    Apr 2005
    777 permissions is the only way I found that works when uploading.
    C program run. C program crash. C programmer quit.

  4. #4
    Join Date
    Jul 2009
    how are you "uploading" the files from your script?

    the account you mentioned is that a user account or system account? But to answer your question - yes your lax in permission is probably a contributing factor into getting your server cracked.

  5. #5
    Join Date
    Jun 2003
    World Wide Web
    You can avoid such type of vulnerabilities using the following

    1) Recompile php as SuPHP ( SuPHP will not allow 777 permissions. 755 is enough for folders and 644 is enough for files. Also all the .php files will be run only under the owner ship of the user . Note that php variables cant be declare using .htaccess file. But you can declare php variables using custom php.ini)

    2) Enable Suexec support for Apache

    If you are using C-panel then you can easily acheive the above using the script ( /scripts/easyapache ). Confirm you took necessary backups before proceeding this.

    Also you should scan your server thoroughly and make sure no instances of vulnerability is present. - the name says it all!
    Managed Cloud Servers
    Server Management and Monitoring
    24x7 outsourced customer support

Similar Threads

  1. Stoping malicious files from being uploaded ( Cpanel)
    By Reece|StormingHost in forum Hosting Security and Technology
    Replies: 5
    Last Post: 06-27-2009, 09:52 PM
  2. Uploaded files don't appear?
    By Mechromancer in forum Hosting Software and Control Panels
    Replies: 8
    Last Post: 01-14-2007, 06:56 PM
  3. How do I keep IRC software and other malicious bots from being uploaded on my server?
    By FreeOnlineHost in forum Hosting Security and Technology
    Replies: 18
    Last Post: 03-07-2006, 08:45 PM
  4. FTP ISSUE: files uploaded "not uploaded", disconnect
    By wheimeng in forum Hosting Security and Technology
    Replies: 6
    Last Post: 10-13-2005, 06:55 PM
  5. malicious files within /tmp/tmp
    By neonix in forum Hosting Security and Technology
    Replies: 22
    Last Post: 07-11-2005, 09:00 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts