Re: [CentOS] Server Hacked: Cpanel

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, Aug 09, 2006 at 12:29:14PM -0400, Drew Weaver wrote:
> 	If they got in via SSH and all they did was deface his website
> they must be stand-up guys, huh? Most likely they just wrote an
> executable to his /tmp directory and then used apache's amazing
> recursion checking to execute it. This is the most common case I've seen
> on the dozens of cPanel 'hacks' I've encountered.

/tmp, /var/tmp and /dev/shm based compromises do seem to account for
70%+ of the hacking on cPanel servers these days.

I blame canned script-kiddie tools for that. It is simply the easiest
way to go.

Usually you will have a perl script there, so even nodev,noexec
won't stop that.

[]s

- -- 
Rodrigo Barbosa
"Quid quid Latine dictum sit, altum viditur"
"Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFE2g3FpdyWzQ5b5ckRAmWkAJ4g1IJjWeGnGJspIhfvl5AciIWF0QCgjLss
zmtRb/dBOc+h3G8eMmBP0mA=
=dwM5
-----END PGP SIGNATURE-----
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
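
The point made in the message above is that a script dropped in /tmp, /var/tmp or /dev/shm still runs through its interpreter on a noexec mount, so checking for an execute bit misses it. The following is an added example, not part of the original post: a defender-side scan that classifies files in those directories by content. The function names and the extension list are assumptions made for the illustration.

```python
import os
import stat

# Directories named in the message; world-writable on a stock system.
WORLD_WRITABLE_DIRS = ("/tmp", "/var/tmp", "/dev/shm")
# Assumed list of script extensions; adjust to what the server actually runs.
SCRIPT_EXTS = (".pl", ".cgi", ".php", ".py", ".sh")

def classify(path):
    """Return 'elf', 'script:<interpreter>', 'script-ext' or None."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(128)
    except OSError:
        return None
    if head.startswith(b"\x7fELF"):          # native binary: noexec does block this
        return "elf"
    if head.startswith(b"#!"):               # interpreter script: noexec does not help
        words = head[2:].split(b"\n", 1)[0].decode("ascii", "replace").split()
        if not words:
            return "script:unknown"
        interp = os.path.basename(words[0])
        if interp == "env" and len(words) > 1:
            interp = words[1]
        return "script:" + interp
    if path.lower().endswith(SCRIPT_EXTS):   # no shebang, still runnable as 'perl file'
        return "script-ext"
    return None

def scan(dirs=WORLD_WRITABLE_DIRS):
    """Return sorted (path, kind, owner_uid, has_exec_bit) for suspicious regular files."""
    findings = []
    for top in dirs:
        for root, _subdirs, files in os.walk(top):
            for name in files:
                path = os.path.join(root, name)
                try:
                    st = os.lstat(path)      # lstat: never follow symlinks
                except OSError:
                    continue
                if not stat.S_ISREG(st.st_mode):
                    continue                 # skip sockets, FIFOs, symlinks
                kind = classify(path)
                if kind:
                    findings.append((path, kind, st.st_uid, bool(st.st_mode & 0o111)))
    return sorted(findings)

if __name__ == "__main__":
    for path, kind, uid, xbit in scan():
        print(f"{path}\t{kind}\tuid={uid}\texec_bit={xbit}")
```

Entries reported with exec_bit=False are the ones a permission-based sweep would skip; the owner uid shows whether the web server account wrote the file.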