Current time: 11-29-2024, 09:40 PM Hello There, Guest! (LoginRegister)


Post Reply 
possible Hack ispCP 1.0.5
Author Message
theprincy Offline
Member
***

Posts: 311
Joined: Nov 2008
Reputation: 2
Post: #1
At possible Hack ispCP 1.0.5
Code:
torino:/var/www/ispcp/gui# ls -als
total 13148
   4 dr-xr-x--- 21 vu2000 www-data    4096 Apr 19 08:00 .
   4 drwxr-xr-x  7 root   root        4096 Apr 13 01:03 ..
   4 dr-xr-x---  2 vu2000 www-data    4096 Apr 13 01:03 admin
   4 dr-xr-x---  2 vu2000 www-data    4096 Apr 13 00:57 client
   4 dr-xr-x---  3 vu2000 www-data    4096 Jan 18 11:51 domain_default_page
   4 dr-xr-x---  3 vu2000 www-data    4096 Jan 18 11:51 domain_disable_page
   4 dr-xr-x---  3 vu2000 www-data    4096 Jan 18 11:51 errordocs
   4 -r--r-----  1 vu2000 www-data    2462 Apr 13 01:03 favicon.ipo
896 -rwxrwxrwx  1 root   root      912364 Mar 29 06:27 g.dat
  24 -rwxrwxrwx  1 root   root       22027 Mar 29 06:27 g.php
   4 drwxrwxrwx  3 root   root        4096 Mar 29 06:27 grp
   4 -r--r-----  1 vu2000 www-data    1228 Apr 13 01:03 imagecode.php
   4 dr-xr-x---  6 vu2000 www-data    4096 Apr 13 00:57 include
   4 -rwxrwxrwx  1 root   root         326 Apr 19 07:12 index.php
6100 -rw-r--r--  1 root   root     6230475 Apr  9 01:20 lastcarigescam2.tgz
5864 -rw-r--r--  1 root   root     5990935 Apr 19 08:00 lastcarigescam3.tgz
   4 drwxrwxrwx  2 root   root        4096 Mar 29 06:30 logs
   8 -r--r-----  1 vu2000 www-data    5206 Apr 13 01:03 lostpassword.php
   4 dr-xr-x---  2 vu2000 www-data    4096 Apr 13 01:03 orderpanel
   4 drwxr-x---  2 vu2000 www-data    4096 Apr 19 11:15 phptmp
   4 dr-xr-x---  2 vu2000 www-data    4096 Apr 13 01:03 reseller
   4 -r--r-----  1 vu2000 www-data      26 Apr 13 01:03 robots.txt
   0 -rwxrwxrwx  1 root   root           0 Apr 19 06:51 shit.txt
   4 -rw-r--r--  1 root   root           5 Apr 19 03:40 sloboz
   4 dr-xr-x---  4 vu2000 www-data    4096 Apr 13 01:03 themes
   4 dr-xr-x---  6 vu2000 www-data    4096 Apr 13 01:01 tools
   4 -rwxrwxrwx  1 root   root         179 Apr 19 04:12 usere.txt
   4 drwxr-xr-x  6 root   root        4096 Mar 29 06:27 vbank
   4 drwxrwxrwx  6 root   root        4096 Mar 29 06:27 vbankCA
   4 drwxrwxrwx  6 root   root        4096 Mar 29 06:27 vbankLU
   4 drwxrwxrwx  6 root   root        4096 Mar 29 06:27 vbankPO
   4 drwxrwxrwx  6 root   root        4096 Mar 29 06:27 vbankSA
   4 drwxrwxrwx  3 root   root        4096 Mar 29 06:27 ws
   4 -rwxrwxrwx  1 root   root         337 Apr 19 04:17 x.php
124 -rwxrwxrwx  1 root   root      118897 Mar 29 06:27 x.png
   4 -rwxrwxrwx  1 root   root         326 Apr 19 04:18 x1.php
   4 -rwxrwxrwx  1 root   root         328 Apr 19 04:18 x2.php
   4 -rwxrwxrwx  1 root   root         328 Apr 19 04:18 x3.php
   4 -rwxrwxrwx  1 root   root         328 Apr 19 04:18 x4.php
   4 -rwxrwxrwx  1 root   root         328 Apr 19 04:18 x5.php


which files you can help to understand the problem? I can also give you access data to verify in person the whole.
ip is 151.1.153.24 , the panell redirect to http://www.gruppocarige.it.ssl.cx
(This post was last modified: 04-20-2010 11:48 AM by gOOvER.)
04-19-2010 08:29 PM
Visit this user's website Find all posts by this user Quote this message in a reply
BeNe Offline
Moderator
*****
Moderators

Posts: 5,899
Joined: Jan 2007
Reputation: 68
Post: #2
RE: Hack IspcpOmega version 1.0.5
Means your ispCP was hacked on your System ?
Please provide us the ApacheLogs!

Greez BeNe
(This post was last modified: 04-19-2010 08:49 PM by BeNe.)
04-19-2010 08:49 PM
Visit this user's website Find all posts by this user Quote this message in a reply
theprincy Offline
Member
***

Posts: 311
Joined: Nov 2008
Reputation: 2
Post: #3
RE: Hack IspcpOmega version 1.0.5
(04-19-2010 08:49 PM)BeNe Wrote:  Means your ispCP was hacked on your System ?
Please provide us the ApacheLogs!

Greez BeNe

I have deleted all log files, now I have to reinstall the panel
I tried an upgrade to version today but can not complete this as an error

Code:
cp: cannot open `/tmp/ispcp/var/www/ispcp/gui/tools/webmail/doc/AUTHORS' for reading: No such file or directory
cp: cannot stat `/tmp/ispcp/var/www/ispcp/gui/tools/webmail/doc/ReleaseNotes.locales': No such file or directory
cp: cannot stat `/tmp/ispcp/var/www/ispcp/gui/tools/webmail/doc/translating_help.txt': No such file or directory
cp: cannot stat `/tmp/ispcp/var/www/ispcp/gui/tools/webmail/doc/ChangeLog': No such file or directory
cp: cannot stat `/tmp/ispcp/var/www/ispcp/gui/tools/webmail/doc/security.txt': No such file or directory
cp: cannot stat `/tmp/ispcp/var/www/ispcp/gui/tools/webmail/functions': No such file or directory
cp: cannot stat `/tmp/ispcp/var/www/ispcp/gui/tools/webmail/README': No such file or directory
cp: cannot stat `/tmp/ispcp/var/www/ispcp/gui/tools/webmail/index.php': No such file or directory
cp: cannot stat `/tmp/ispcp/var/www/ispcp/gui/tools/webmail/plugins': No such file or directory
cp: cannot stat `/tmp/ispcp/var/www/ispcp/gui/tools/webmail/contrib': No such file or directory
cp: cannot stat `/tmp/ispcp/var/www/ispcp/gui/tools/webmail/data': No such file or directory
cp: cannot stat `/tmp/ispcp/var/www/ispcp/gui/tools/pma': No such file or directory
cp: cannot stat `/tmp/ispcp/var/www/ispcp/gui/tools/index.php': No such file or directory
cp: cannot stat `/tmp/ispcp/var/www/ispcp/gui/tools/filemanager': No such file or directory
cp: cannot stat `/tmp/ispcp/var/www/ispcp/gui/favicon.ico': No such file or directory
cp: cannot stat `/tmp/ispcp/var/www/ispcp/gui/themes': No such file or directory
cp: cannot stat `/tmp/ispcp/var/www/ispcp/gui/phptmp': No such file or directory
cp: cannot stat `/tmp/ispcp/var/www/ispcp/gui/reseller': No such file or directory
cp: cannot stat `/tmp/ispcp/var/www/ispcp/gui/index.php': No such file or directory
cp: cannot stat `/tmp/ispcp/var/www/ispcp/gui/imagecode.php': No such file or directory
cp: cannot stat `/tmp/ispcp/var/www/ispcp/gui/domain_default_page': No such file or directory
cp: cannot stat `/tmp/ispcp/var/www/ispcp/gui/lostpassword.php': No such file or directory
cp: cannot stat `/tmp/ispcp/var/www/ispcp/gui/orderpanel': No such file or directory
cp: cannot stat `/tmp/ispcp/var/www/ispcp/gui/robots.txt': No such file or directory
cp: cannot stat `/tmp/ispcp/var/www/ispcp/gui/admin': No such file or directory
cp: cannot stat `/tmp/ispcp/var/www/ispcp/daemon': No such file or directory
cp: cannot stat `/tmp/ispcp/var/www/ispcp/engine': No such file or directory
cp: cannot stat `/tmp/ispcp/var/www/ispcp/keys': No such file or directory
cp: cannot stat `/tmp/ispcp/var/www/scoreboards': No such file or directory
cp: cannot stat `/tmp/ispcp/var/www/fcgi': No such file or directory
cp: cannot stat `/tmp/ispcp/var/www/awstats': No such file or directory
cp: cannot stat `/tmp/ispcp/var/www/virtual': No such file or directory
`/etc/ispcp/ispcp.conf' -> `/etc/ispcp/ispcp.old.conf'
cp: cannot stat `/tmp/ispcp/etc/*': No such file or directory
./up2.sh: line 64: cd: /var/www/ispcp/engine/setup: No such file or directory
Can't open perl script "ispcp-update": No such file or directory
[/quote]

even backup files were deleted, how can I resolve to serve the off-line
(This post was last modified: 04-19-2010 09:00 PM by theprincy.)
04-19-2010 08:59 PM
Visit this user's website Find all posts by this user Quote this message in a reply
gOOvER Offline
Banned

Posts: 3,561
Joined: Jul 2007
Post: #4
RE: Hack IspcpOmega version 1.0.5
Where's the Problem?? Normaly after every Update with the Script, this Dir will be deleted Wink
04-19-2010 09:03 PM
Visit this user's website Find all posts by this user Quote this message in a reply
theprincy Offline
Member
***

Posts: 311
Joined: Nov 2008
Reputation: 2
Post: #5
RE: Hack IspcpOmega version 1.0.5
(04-19-2010 09:03 PM)gOOvER Wrote:  Where's the Problem?? Normaly after every Update with the Script, this Dir will be deleted Wink

the backup folder is empty there is nothing, so now how do I revolves? the server is off and the panel will not start since I reinstall everything?
04-19-2010 09:29 PM
Visit this user's website Find all posts by this user Quote this message in a reply
gOOvER Offline
Banned

Posts: 3,561
Joined: Jul 2007
Post: #6
RE: Hack IspcpOmega version 1.0.5
Wheen you're really hacked, then it's better to reinstall the whole Server. Wink
04-19-2010 09:51 PM
Visit this user's website Find all posts by this user Quote this message in a reply
theprincy Offline
Member
***

Posts: 311
Joined: Nov 2008
Reputation: 2
Post: #7
RE: Hack IspcpOmega version 1.0.5
you're right proceed ;-(
04-19-2010 09:54 PM
Visit this user's website Find all posts by this user Quote this message in a reply
joximu Offline
helper
*****
Moderators

Posts: 7,024
Joined: Jan 2007
Reputation: 92
Post: #8
RE: Hack IspcpOmega version 1.0.5
you need to remove the folder ispcp in /tmp before installing again...

/J
04-19-2010 10:49 PM
Visit this user's website Find all posts by this user Quote this message in a reply
sakal Offline
Junior Member
*

Posts: 42
Joined: Mar 2010
Reputation: 0
Post: #9
RE: Hack IspcpOmega version 1.0.5
Nice will be some analyze of this HACK for the future we can protect our systems against it.

Possible to get some logs ?
04-19-2010 11:17 PM
Find all posts by this user Quote this message in a reply
BeNe Offline
Moderator
*****
Moderators

Posts: 5,899
Joined: Jan 2007
Reputation: 68
Post: #10
RE: Hack IspcpOmega version 1.0.5
No Logs! Sad
Quote:I have deleted all log files, now I have to reinstall the panel

Greez BeNe
04-19-2010 11:21 PM
Visit this user's website Find all posts by this user Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 6 Guest(s)