ispCP - Board - Support
possible Hack ispCP 1.0.5 - Printable Version


possible Hack ispCP 1.0.5 - theprincy - 04-19-2010 08:29 PM

Code:
torino:/var/www/ispcp/gui# ls -als
total 13148
   4 dr-xr-x--- 21 vu2000 www-data    4096 Apr 19 08:00 .
   4 drwxr-xr-x  7 root   root        4096 Apr 13 01:03 ..
   4 dr-xr-x---  2 vu2000 www-data    4096 Apr 13 01:03 admin
   4 dr-xr-x---  2 vu2000 www-data    4096 Apr 13 00:57 client
   4 dr-xr-x---  3 vu2000 www-data    4096 Jan 18 11:51 domain_default_page
   4 dr-xr-x---  3 vu2000 www-data    4096 Jan 18 11:51 domain_disable_page
   4 dr-xr-x---  3 vu2000 www-data    4096 Jan 18 11:51 errordocs
   4 -r--r-----  1 vu2000 www-data    2462 Apr 13 01:03 favicon.ipo
896 -rwxrwxrwx  1 root   root      912364 Mar 29 06:27 g.dat
  24 -rwxrwxrwx  1 root   root       22027 Mar 29 06:27 g.php
   4 drwxrwxrwx  3 root   root        4096 Mar 29 06:27 grp
   4 -r--r-----  1 vu2000 www-data    1228 Apr 13 01:03 imagecode.php
   4 dr-xr-x---  6 vu2000 www-data    4096 Apr 13 00:57 include
   4 -rwxrwxrwx  1 root   root         326 Apr 19 07:12 index.php
6100 -rw-r--r--  1 root   root     6230475 Apr  9 01:20 lastcarigescam2.tgz
5864 -rw-r--r--  1 root   root     5990935 Apr 19 08:00 lastcarigescam3.tgz
   4 drwxrwxrwx  2 root   root        4096 Mar 29 06:30 logs
   8 -r--r-----  1 vu2000 www-data    5206 Apr 13 01:03 lostpassword.php
   4 dr-xr-x---  2 vu2000 www-data    4096 Apr 13 01:03 orderpanel
   4 drwxr-x---  2 vu2000 www-data    4096 Apr 19 11:15 phptmp
   4 dr-xr-x---  2 vu2000 www-data    4096 Apr 13 01:03 reseller
   4 -r--r-----  1 vu2000 www-data      26 Apr 13 01:03 robots.txt
   0 -rwxrwxrwx  1 root   root           0 Apr 19 06:51 shit.txt
   4 -rw-r--r--  1 root   root           5 Apr 19 03:40 sloboz
   4 dr-xr-x---  4 vu2000 www-data    4096 Apr 13 01:03 themes
   4 dr-xr-x---  6 vu2000 www-data    4096 Apr 13 01:01 tools
   4 -rwxrwxrwx  1 root   root         179 Apr 19 04:12 usere.txt
   4 drwxr-xr-x  6 root   root        4096 Mar 29 06:27 vbank
   4 drwxrwxrwx  6 root   root        4096 Mar 29 06:27 vbankCA
   4 drwxrwxrwx  6 root   root        4096 Mar 29 06:27 vbankLU
   4 drwxrwxrwx  6 root   root        4096 Mar 29 06:27 vbankPO
   4 drwxrwxrwx  6 root   root        4096 Mar 29 06:27 vbankSA
   4 drwxrwxrwx  3 root   root        4096 Mar 29 06:27 ws
   4 -rwxrwxrwx  1 root   root         337 Apr 19 04:17 x.php
124 -rwxrwxrwx  1 root   root      118897 Mar 29 06:27 x.png
   4 -rwxrwxrwx  1 root   root         326 Apr 19 04:18 x1.php
   4 -rwxrwxrwx  1 root   root         328 Apr 19 04:18 x2.php
   4 -rwxrwxrwx  1 root   root         328 Apr 19 04:18 x3.php
   4 -rwxrwxrwx  1 root   root         328 Apr 19 04:18 x4.php
   4 -rwxrwxrwx  1 root   root         328 Apr 19 04:18 x5.php


Which files can help you to understand the problem? I can also give you access data so you can verify the whole thing in person.
The IP is 151.1.153.24; the panel redirects to http://www.gruppocarige.it.ssl.cx
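
An added example, not part of the original post: a small shell triage of a saved `ls -als` listing like the one above, flagging entries that are not owned by the panel's expected user and group or that are writable by everyone. The function names `triage_listing` and `sample_listing` are hypothetical, and the expected owner `vu2000:www-data` is an assumption taken from the untouched entries in the listing.

```shell
#!/bin/sh
# Added example: triage a saved `ls -als` listing of the panel docroot.
# Assumption: legitimate entries are owned by vu2000:www-data, as the
# untouched entries in the listing above are.

# triage_listing OWNER GROUP   (listing is read from stdin)
# Prints "name<TAB>reasons" for every entry that has an unexpected
# owner/group or is writable by "other".
triage_listing() {
    awk -v owner="$1" -v group="$2" '
        NF < 10 { next }                 # skip the "total" line and blanks
        {
            name = $10                   # rebuild names that contain spaces
            for (i = 11; i <= NF; i++) name = name " " $i
            if (name == "." || name == "..") next

            reasons = ""
            if ($4 != owner || $5 != group) reasons = reasons " owner=" $4 ":" $5
            # Mode string is type + rwx for user, group, other;
            # character 9 is the write bit for "other".
            if (substr($2, 9, 1) == "w") reasons = reasons " world-writable"
            if (reasons != "") printf "%s\t%s\n", name, substr(reasons, 2)
        }'
}

# Excerpt of the listing posted above, embedded so the script runs offline.
sample_listing() {
    cat <<'EOF'
total 13148
   4 dr-xr-x--- 21 vu2000 www-data    4096 Apr 19 08:00 .
   4 dr-xr-x---  2 vu2000 www-data    4096 Apr 13 01:03 admin
 896 -rwxrwxrwx  1 root   root      912364 Mar 29 06:27 g.dat
   4 -rwxrwxrwx  1 root   root         326 Apr 19 07:12 index.php
   4 -rw-r--r--  1 root   root           5 Apr 19 03:40 sloboz
   4 -r--r-----  1 vu2000 www-data      26 Apr 13 01:03 robots.txt
EOF
}

sample_listing | triage_listing vu2000 www-data
```

On a live system the same function can be fed `ls -als /var/www/ispcp/gui`; taking a copy of the flagged files and the web server logs before cleaning up preserves the evidence needed for later analysis.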


RE: Hack IspcpOmega version 1.0.5 - BeNe - 04-19-2010 08:49 PM

Means your ispCP was hacked on your system?
Please provide us the Apache logs!

Greez BeNe


RE: Hack IspcpOmega version 1.0.5 - theprincy - 04-19-2010 08:59 PM

(04-19-2010 08:49 PM)BeNe Wrote: Means your ispCP was hacked on your system?
Please provide us the Apache logs!

Greez BeNe

I have deleted all log files; now I have to reinstall the panel.
I tried an upgrade to version today but cannot complete it because of an error:

Code:
cp: cannot open `/tmp/ispcp/var/www/ispcp/gui/tools/webmail/doc/AUTHORS' for reading: No such file or directory
cp: cannot stat `/tmp/ispcp/var/www/ispcp/gui/tools/webmail/doc/ReleaseNotes.locales': No such file or directory
cp: cannot stat `/tmp/ispcp/var/www/ispcp/gui/tools/webmail/doc/translating_help.txt': No such file or directory
cp: cannot stat `/tmp/ispcp/var/www/ispcp/gui/tools/webmail/doc/ChangeLog': No such file or directory
cp: cannot stat `/tmp/ispcp/var/www/ispcp/gui/tools/webmail/doc/security.txt': No such file or directory
cp: cannot stat `/tmp/ispcp/var/www/ispcp/gui/tools/webmail/functions': No such file or directory
cp: cannot stat `/tmp/ispcp/var/www/ispcp/gui/tools/webmail/README': No such file or directory
cp: cannot stat `/tmp/ispcp/var/www/ispcp/gui/tools/webmail/index.php': No such file or directory
cp: cannot stat `/tmp/ispcp/var/www/ispcp/gui/tools/webmail/plugins': No such file or directory
cp: cannot stat `/tmp/ispcp/var/www/ispcp/gui/tools/webmail/contrib': No such file or directory
cp: cannot stat `/tmp/ispcp/var/www/ispcp/gui/tools/webmail/data': No such file or directory
cp: cannot stat `/tmp/ispcp/var/www/ispcp/gui/tools/pma': No such file or directory
cp: cannot stat `/tmp/ispcp/var/www/ispcp/gui/tools/index.php': No such file or directory
cp: cannot stat `/tmp/ispcp/var/www/ispcp/gui/tools/filemanager': No such file or directory
cp: cannot stat `/tmp/ispcp/var/www/ispcp/gui/favicon.ico': No such file or directory
cp: cannot stat `/tmp/ispcp/var/www/ispcp/gui/themes': No such file or directory
cp: cannot stat `/tmp/ispcp/var/www/ispcp/gui/phptmp': No such file or directory
cp: cannot stat `/tmp/ispcp/var/www/ispcp/gui/reseller': No such file or directory
cp: cannot stat `/tmp/ispcp/var/www/ispcp/gui/index.php': No such file or directory
cp: cannot stat `/tmp/ispcp/var/www/ispcp/gui/imagecode.php': No such file or directory
cp: cannot stat `/tmp/ispcp/var/www/ispcp/gui/domain_default_page': No such file or directory
cp: cannot stat `/tmp/ispcp/var/www/ispcp/gui/lostpassword.php': No such file or directory
cp: cannot stat `/tmp/ispcp/var/www/ispcp/gui/orderpanel': No such file or directory
cp: cannot stat `/tmp/ispcp/var/www/ispcp/gui/robots.txt': No such file or directory
cp: cannot stat `/tmp/ispcp/var/www/ispcp/gui/admin': No such file or directory
cp: cannot stat `/tmp/ispcp/var/www/ispcp/daemon': No such file or directory
cp: cannot stat `/tmp/ispcp/var/www/ispcp/engine': No such file or directory
cp: cannot stat `/tmp/ispcp/var/www/ispcp/keys': No such file or directory
cp: cannot stat `/tmp/ispcp/var/www/scoreboards': No such file or directory
cp: cannot stat `/tmp/ispcp/var/www/fcgi': No such file or directory
cp: cannot stat `/tmp/ispcp/var/www/awstats': No such file or directory
cp: cannot stat `/tmp/ispcp/var/www/virtual': No such file or directory
`/etc/ispcp/ispcp.conf' -> `/etc/ispcp/ispcp.old.conf'
cp: cannot stat `/tmp/ispcp/etc/*': No such file or directory
./up2.sh: line 64: cd: /var/www/ispcp/engine/setup: No such file or directory
Can't open perl script "ispcp-update": No such file or directory

Even the backup files were deleted. How can I resolve this with the server off-line?


RE: Hack IspcpOmega version 1.0.5 - gOOvER - 04-19-2010 09:03 PM

Where's the problem?? Normally after every update with the script, this dir will be deleted ;-)


RE: Hack IspcpOmega version 1.0.5 - theprincy - 04-19-2010 09:29 PM

(04-19-2010 09:03 PM)gOOvER Wrote: Where's the problem?? Normally after every update with the script, this dir will be deleted ;-)

The backup folder is empty, there is nothing, so now how do I resolve this? The server is off and the panel will not start, so do I reinstall everything?


RE: Hack IspcpOmega version 1.0.5 - gOOvER - 04-19-2010 09:51 PM

When you're really hacked, then it's better to reinstall the whole server. ;-)


RE: Hack IspcpOmega version 1.0.5 - theprincy - 04-19-2010 09:54 PM

You're right, proceed ;-(


RE: Hack IspcpOmega version 1.0.5 - joximu - 04-19-2010 10:49 PM

You need to remove the folder ispcp in /tmp before installing again...

/J


RE: Hack IspcpOmega version 1.0.5 - sakal - 04-19-2010 11:17 PM

It would be nice to have some analysis of this hack, so that in the future we can protect our systems against it.

Possible to get some logs?


RE: Hack IspcpOmega version 1.0.5 - BeNe - 04-19-2010 11:21 PM

No logs! :-(
Quote: I have deleted all log files, now I have to reinstall the panel

Greez BeNe