[CentOS] Server Hacked: Cpanel
Rodrigo Barbosa
rodrigob at darkover.org
Wed Aug 9 16:31:01 UTC 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wed, Aug 09, 2006 at 12:29:14PM -0400, Drew Weaver wrote:
> If they got in via SSH and all they did was deface his website
> they must be stand-up guys, huh? Most likely they just wrote an
> executable to his /tmp directory and then used apache's amazing
> recursion checking to execute it. This is the most common case I've seen
> on the dozens of cPanel 'hacks' I've encountered.
/tmp, /var/tmp and /dev/shm based compromizes do seem to account for
70%+ of the hacking on cPanel servers these days.
I blame canned script kiddies tools for that. It is simply the easiest
way to go.
Usually you will have a perl script there, so even nodev,noexec
won't stop that.
[]s
- --
Rodrigo Barbosa
"Quid quid Latine dictum sit, altum viditur"
"Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFE2g3FpdyWzQ5b5ckRAmWkAJ4g1IJjWeGnGJspIhfvl5AciIWF0QCgjLss
zmtRb/dBOc+h3G8eMmBP0mA=
=dwM5
-----END PGP SIGNATURE-----
More information about the CentOS
mailing list