

Server Hacked with a shell script




Posted by Rezaa, 08-20-2011, 08:57 AM
Hello. Today I was checking server logs and found that someone had uploaded some shell scripts to one of my accounts. I instantly removed those files, but after several minutes the files were uploaded into the account again, and several minutes later they were uploaded into 2 other accounts at the same time! Now I'm sure someone has access to my server, but I don't know how. One of my friends says that the hacker has access to my server through the DNS zone, but how? I'm using CentOS 6 + kernel 2.6.32-71.29.1.el6.x86_64. Is it the latest kernel? I'm also using Apache + cPanel (latest versions). These are the names of those files. Also, do you know how I could prevent .cin files from being uploaded/executed? Any help will be appreciated.

Posted by Rezaa, 08-20-2011, 09:02 AM
OMG! I executed one of those files. The file is showing all directories, such as root, ... on my server!!!!!

Posted by Rezaa, 08-20-2011, 10:22 AM
Can anyone help?

Posted by linuxchamp, 08-20-2011, 10:55 AM
Could you please check the permissions of the folder where these files were uploaded? If the folder has 777, change it to 755.
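The two checks behind this advice, as an added example that is not code from the thread: which directories under an account are world-writable (777 or any o+w bit), and which files changed in the last N minutes, which is what shows a re-upload after a cleanup. The script builds its own constructed stand-in for a cPanel account tree (the paths, the 777 `uploads` directory and the `x.cin` file are all made up here) so it runs offline; on a real server you would point the functions at the account's home directory instead. It needs GNU or BSD `find` for `-mmin`; the rest is POSIX sh.

```shell
#!/bin/sh
# Added audit example, not code from the thread. Builds a constructed account
# tree, lists world-writable directories and recently changed files, then
# closes the open directories. Requires GNU/BSD find for -mmin.

# Build a throwaway tree: one 777 upload directory and one freshly dropped
# file next to an older, legitimate index.php. Every path is constructed.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/public_html/images" "$root/public_html/uploads"
    chmod 755 "$root/public_html" "$root/public_html/images"
    chmod 777 "$root/public_html/uploads"        # the weak setting from the thread
    printf '<?php echo "site"; ?>\n' > "$root/public_html/index.php"
    touch -t 201108180000 "$root/public_html/index.php"   # old mtime: 2011-08-18
    printf 'placeholder for a dropped script\n' > "$root/public_html/uploads/x.cin"
    printf '%s\n' "$root"
}

# List directories under $1 that any user on the box can write to (o+w set).
list_world_writable_dirs() {
    find "$1" -type d -perm -0002
}

# Count those directories: a quick "is anything still open?" check.
count_world_writable_dirs() {
    list_world_writable_dirs "$1" | wc -l | tr -d ' '
}

# List regular files under $1 modified within the last $2 minutes. Re-run
# after a cleanup and it shows exactly what came back, and where.
list_recent_files() {
    find "$1" -type f -mmin "-$2"
}

# Close the open directories. 755 keeps the owner in control and is what
# the account's own scripts need under suPHP anyway.
fix_world_writable_dirs() {
    find "$1" -type d -perm -0002 -exec chmod 755 {} +
}

# Stand-alone run against the constructed tree.
tree=$(make_sample_tree)
echo "world-writable directories:"
list_world_writable_dirs "$tree"
echo "files changed in the last 60 minutes:"
list_recent_files "$tree" 60
fix_world_writable_dirs "$tree"
echo "after fix: $(count_world_writable_dirs "$tree") world-writable directories"
rm -rf "$tree"
```

The recent-files check is the useful one for the situation in the thread: the uploads came back within minutes, so `list_recent_files /home 10` run right after a cleanup narrows the search to the account and directory the attacker is still able to write to, and that directory's owner and mode point at the web application or credential being abused.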

Posted by Rezaa, 08-20-2011, 11:02 AM
Since I'm using suPHP, all folders on my server have permission 755. The permissions are not the reason for the issue. I'm wondering why these shell scripts are working on my server. I'm using mod_security to prevent shell scripts like C99, but they can still be executed successfully on my server!

Posted by Techbrace, 08-20-2011, 11:13 AM
Your subject is a bit misleading, as from what has been mentioned so far, your server is safe. It was your website/account that was hacked. One of your website applications could be vulnerable. Fix it and you will be fine. Having said that, the more time you take to fix it, the more issues you're going to confront, because the attacker can perform a variety of illegal acts such as hosting phishing files, starting spamming, DoSing a remote server, etc.

Posted by brianoz, 08-20-2011, 06:14 PM
Don't think you'll get much info here, as you're so vague. Why on earth would you run a hacker's script?? Don't do that, ever!! We'd need to know things like what modes were actually changed, etc. Your friend is talking nonsense, I'm afraid; a DNS zone could never provide access. Perhaps named might, but that's an entirely different thing.

Posted by Rezaa, 08-20-2011, 06:21 PM
Yes, I know. As far as I know, it's possible for a hacker to read DNS zones via zone transfers, but they cannot hack websites with that. However, I've disabled allow-transfers in the named configuration to stop zones from being read.
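The BIND setting being described is `allow-transfer` in `named.conf`. As an added example that is not Rezaa's real configuration, here are three constructed `options` fragments, the open one, the fully closed one and one restricted to a single secondary (192.0.2.10 is a documentation-range address, not a real host), plus a small check that reports which policy a fragment carries. Zone-level `allow-transfer` clauses, which override the global one, are not handled; the check only looks at the first clause it finds.

```shell
#!/bin/sh
# Added example, not Rezaa's real config. Three constructed named.conf
# fragments and a check that classifies their zone-transfer policy. A zone
# transfer only leaks the zone's contents, as the thread says, but the host
# list it reveals is reconnaissance that costs nothing to deny.

# Open: any host may AXFR every zone this server carries.
OPEN_CONF='options {
    directory "/var/named";
    allow-transfer { any; };
};'

# Closed: no host may transfer. Right for a server with no secondaries.
CLOSED_CONF='options {
    directory "/var/named";
    allow-transfer { none; };
};'

# Restricted to one secondary (constructed documentation-range address).
SECONDARY_CONF='options {
    directory "/var/named";
    allow-transfer { 192.0.2.10; };
};'

# Print the address list of the first allow-transfer clause in $1, with
# semicolons and surrounding whitespace stripped ("any", "none",
# "192.0.2.10", ...). Prints nothing when there is no clause.
transfer_acl() {
    printf '%s\n' "$1" | tr -d '\n' \
        | sed -n 's/.*allow-transfer[[:space:]]*{\([^}]*\)}.*/\1/p' \
        | tr -d ';' | tr -s ' \t' ' ' | sed 's/^ //; s/ $//'
}

# Report the policy; return 0 when transfers are restricted, 1 when open.
# A missing clause is treated as open: BIND of this era defaulted to any.
transfer_policy() {
    acl=$(transfer_acl "$1")
    case "$acl" in
        "")  echo "open: no allow-transfer clause (older BIND defaults to any)"; return 1 ;;
        any) echo "open: allow-transfer { any; }"; return 1 ;;
        *)   echo "restricted: allow-transfer { $acl; }"; return 0 ;;
    esac
}

# Stand-alone run over the three fragments.
for c in "$OPEN_CONF" "$CLOSED_CONF" "$SECONDARY_CONF"; do
    transfer_policy "$c" || true
done
```

On a live server, `transfer_policy "$(cat /etc/named.conf)"` gives the same verdict for the global clause; after changing it, `rndc reload` applies it, and a `dig @your-server example.com AXFR` from an outside host should then be refused.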
