

Malicious files uploaded




Posted by LP560, 08-24-2009, 12:02 PM
I started noticing high server loads, so I ran the top command and found "ftp_scanner" running. After contacting the DC we managed to track it down to one of my accounts; someone had managed to upload several scripts (HSBC phisher, cPanel cracker). Anyway, I deleted the account, recreated it and re-uploaded only the necessary files. The files uploaded by the hacker were only uploaded to two folders, both of which were folders used to upload images via our backend management script (password protected). Both folders were set to 777 permissions. My question is: are the 777 permissions to blame, server security, the script itself (which was password protected and hidden away), or all three? I've always heavily secured my servers and never had an issue like this in 7+ years; thankfully the cPanel cracker failed!

Posted by eth10, 08-24-2009, 12:13 PM
First of all, 777 permissions allow everyone read, write and execute permissions, which should be avoided at any cost; second, use alphanumeric passwords, which are difficult to hack.

Posted by LP560, 08-24-2009, 12:18 PM
777 permissions are the only way I found that works when uploading.

Posted by DJMizt73, 08-24-2009, 11:42 PM
How are you "uploading" the files from your script? The account you mentioned, is that a user account or a system account? But to answer your question: yes, your laxness in permissions is probably a contributing factor in getting your server cracked.

Posted by supportexpertz, 08-25-2009, 12:31 AM
You can avoid this type of vulnerability using the following:
1) Recompile PHP as suPHP (suPHP will not allow 777 permissions; 755 is enough for folders and 644 is enough for files. Also, all .php files will run only under the ownership of the user. Note that PHP variables can't be declared using a .htaccess file, but you can declare PHP variables using a custom php.ini.)
2) Enable suEXEC support for Apache.
If you are using cPanel then you can easily achieve the above using the script (/scripts/easyapache). Confirm you took the necessary backups before proceeding with this. Also, you should scan your server thoroughly and make sure no instances of the vulnerability are present.
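The thread raises two things a practitioner would want to check on the box itself: which directories under the web root are still world-writable (the "777 is the only way that works" problem), and whether an image-upload directory has picked up script files like the phisher and cPanel cracker described in the first post. The script below is an added example, not code from the original thread or from cPanel; it audits a web root for both conditions, reports directories not owned by the account user (under suPHP the upload script runs as that user, so the directory must belong to them for 755 to suffice), and can normalise modes to the 755/644 values recommended above. The paths, user name and script extensions are assumptions supplied as arguments; the sample tree used for checking it is constructed on the fly.

```shell
#!/bin/sh
# Added example, not code from the original thread. Audits a web root for
# world-writable (777) directories and for server-side scripts sitting in
# an image-upload directory, checks ownership, and optionally resets modes
# to 755 (directories) / 644 (files) as a suPHP/suEXEC setup expects.
# Root path, owner and extensions below are assumptions, not the poster's.

# List world-writable directories below $1 (any directory with the o+w bit).
find_world_writable_dirs() {
    find "$1" -type d -perm -002 2>/dev/null | sort
}

# List files below $1 with extensions a typical Apache/PHP host would execute.
# An upload directory meant for images should yield nothing here.
find_scripts_in_upload_dir() {
    find "$1" -type f \( -name '*.php' -o -name '*.phtml' -o -name '*.php[3-7]' \
        -o -name '*.pl' -o -name '*.cgi' -o -name '*.py' -o -name '*.sh' \) \
        2>/dev/null | sort
}

# List directories below $1 not owned by user $2. Under suPHP the upload
# script runs as the account owner, so a directory with another owner is
# exactly the case where only 777 "worked".
find_dirs_not_owned_by() {
    find "$1" -type d ! -user "$2" 2>/dev/null | sort
}

# Reset modes below $1: 755 for directories, 644 for files.
fix_permissions() {
    find "$1" -type d ! -perm 755 -exec chmod 755 {} + 2>/dev/null
    find "$1" -type f ! -perm 644 -exec chmod 644 {} + 2>/dev/null
}

# Print a report for root $1 expected to be owned by $2.
# Returns 0 when nothing was found, 1 otherwise.
audit() {
    root=$1 owner=$2 status=0
    ww=$(find_world_writable_dirs "$root")
    [ -n "$ww" ] && { echo "world-writable directories:"; echo "$ww"; status=1; }
    bad_owner=$(find_dirs_not_owned_by "$root" "$owner")
    [ -n "$bad_owner" ] && { echo "directories not owned by $owner:"; echo "$bad_owner"; status=1; }
    scripts=$(find_scripts_in_upload_dir "$root")
    [ -n "$scripts" ] && { echo "script files in upload tree:"; echo "$scripts"; status=1; }
    return $status
}

# Usage (hypothetical paths): sh audit.sh /home/account/public_html/images account [--fix]
if [ $# -ge 2 ]; then
    audit "$1" "$2" || echo "issues found under $1"
    if [ "${3:-}" = "--fix" ]; then
        fix_permissions "$1"
    fi
fi
```

Run it against the upload directory first without `--fix` and look at the ownership report: if the directory belongs to a user other than the one PHP runs as, fixing modes alone will just break uploads again, and the real fix is chown to the account user (or switching to suPHP/suEXEC as the answer above describes) before dropping to 755. Deleting whatever the script-file report turns up is a separate, manual step; the script never removes files.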


