Re: security breach - ftp?




On 05/19/13 11:59, Philipp Duffner wrote:
> Hi,
>
> I'm running Plesk 11.0.9 on a CentOS 5.5.
> A website on that box got hacked last week and malicious code got inserted
> into some html/php files. So I went to find out what happened...
>
<snip>
> * yum update everything, also made sure I have the latest version of proftp
> * restore the entire website from a clean backup
> * delete the WYSIWYG folder that I believed had caused the vulnerability
>
> The next days I slept ok hoping I removed the attacker's entry point(s).
>
> ...so I thought! Today the website got hacked again - the same exploit on
> the pages, meaning same attacker.
> And again I can see nothing suspicious except for the successful FTP logon
> just before the modification time of the infected html/php:
>
> 2013-05-18T15:01:25.195559-07:00 MyServer proftpd: Deprecated pam_stack
> module called from service "proftpd"
<snip>
The bunch of these messages, above, makes me wonder if the reason that the
pam stack module is deprecated is a vulnerability. Consider checking the
proftpd configuration, and /etc/pam.d/proftp? whatever it's called, and see
if you can change what it's calling.

	mark


-- 
"The group mentality of the United States is fundamentally that of a
    teenager." -British Immigrant
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
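
One way to carry out the check suggested in the reply above, as an added example that is not part of the original message: a shell function that lists PAM service files still calling pam_stack.so and prints the `include` line that superseded it on RHEL/CentOS 5. The function name `find_pam_stack` and the sample service file are constructed for illustration; run it against /etc/pam.d on the real host.

```shell
#!/bin/sh
# Added example: report PAM service files that still call the deprecated
# pam_stack.so module, with the equivalent "include" line for each hit.
# Usage: find_pam_stack [directory]   (defaults to /etc/pam.d)
find_pam_stack() {
    dir="${1:-/etc/pam.d}"
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        awk '
            /^[ \t]*#/ { next }                      # ignore commented-out lines
            {
                for (i = 1; i <= NF; i++) {
                    if ($i ~ /pam_stack\.so$/) {     # bare name or full module path
                        svc = ""
                        for (j = i + 1; j <= NF; j++)
                            if ($j ~ /^service=/) svc = substr($j, 9)
                        printf "%s:%d: %s\n", FILENAME, FNR, $0
                        if (svc != "")
                            printf "    suggested: %s include %s\n", $1, svc
                    }
                }
            }' "$f"
    done
}

# Demo on a constructed sample file (not taken from the poster's server).
demo_dir=$(mktemp -d)
printf '%s\n' '#%PAM-1.0' \
    'auth     required  pam_stack.so service=system-auth' \
    'account  required  pam_stack.so service=system-auth' \
    '#session required  pam_stack.so service=system-auth' > "$demo_dir/proftpd"
find_pam_stack "$demo_dir"
rm -rf "$demo_dir"
```

Note that `include` only pulls in lines of the same type from the target file, so review the result and test a login after editing any PAM file.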



