Hello, some time ago I faced a problem with one of the worst shells for admins and the best shells for hackers. This shell can hack everything on your host, it can access your server with symlink.. with some shell commands.. I think every server is in danger with this type of shell around.. Has anyone faced this thing before? IMAGE: http://i.imgur.com/z2DTK.png
Secure your site completely = mod_security / snort, chown and chmod (permissions), use SSH to access with server key, disable any pwd logins, use DirectAdmin instead of cPanel, disable ANY and all uploads!
Use LMD (Linux Malware Detection), make it run on a daily basis and check the report it returns. Make sure you update your site scripts, mainly scripts where you can upload files. If you need server audit, hardening just contact me!
How about elaborating a little? Obviously many experienced system admins take security very seriously and would like to know more about this to determine if it's really a threat to their own servers.
lol it's just a modified r57 shell, they've been around for years. Use mod security with a good ruleset, maldet/clamav to scan for them and csf for general security will stop most of these. This is not a dangerous hack, can only access what is under the user it was uploaded under.
I've never heard of this before? Where'd you hear this? But I think any security alert is a security alert and that we must be on alert and so I will be upgrading the server security now.
OMG and you are a CEO of a host? He is talking about a php shell people, surely most of you aren't that retarded.
I am the CEO of a host indeed. Could be any type of virus or hack to be honest, not always necessarily via PHP shell.
No, that shell can access your root, access your database, access your configurations, even the mod_rules can make that. As I have tested all the ways possible, and the only one can fix it is doing some tricks. If you want I can show how I can make symlinks on your server without you giving me permission, just with htaccess, with php.ini. Well, a friend of mine got hacked from this shell with 1000 clients inside it.. and it's nothing regarding cPanel... Well, if you secure tmp, and make some rules on mod_security you won't have problems with virus and other stuff, but this is not a virus, this shell can really damage your company.
Unless it is exploiting the kernel it's not going to give root automatically. Just a php shell, it will have all the permissions as the php user it was uploaded under. If it's uploaded on a server running php as nobody, no openbasedir, safemode it may be able to access multiple users, but an up to date server running suphp, current php, mod security, etc; it can only exploit the user it's uploaded under. Paste the source, trust me it's no new hack-o-matic. I can set up an account if you like, guarantee you can do nothing more than what a normal php script under that user could do. I've had this same discussion on another forum before, person came back with /etc/passwd, big deal. Like I said, guarantee it can only do what the user it's under can do.
no need to post source, these are easy to find - simple php shell - http://www.google.com/search?hl=&q=...=1&bav=on.2,or.r_gc.r_pw.&fp=6af0f014ae16db6c
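An added example, not written by any poster in this thread: the symlink concern raised above can be audited by listing every symlink inside an account's home that resolves outside that account. The `<home_root>/<user>/` layout, the function names and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile


def find_escaping_symlinks(home_root):
    """Return (link, resolved_target) pairs for symlinks under
    home_root/<user>/ that resolve outside that user's own home."""
    findings = []
    home_root = os.path.realpath(home_root)
    for user in sorted(os.listdir(home_root)):
        user_home = os.path.join(home_root, user)
        if os.path.islink(user_home) or not os.path.isdir(user_home):
            continue
        # followlinks=False: symlinked directories are reported, never descended
        for dirpath, dirnames, filenames in os.walk(user_home, followlinks=False):
            for name in dirnames + filenames:
                path = os.path.join(dirpath, name)
                if not os.path.islink(path):
                    continue
                target = os.path.realpath(path)
                # A target sharing no prefix with the account home has escaped it
                if os.path.commonpath([user_home, target]) != user_home:
                    findings.append((path, target))
    return findings


def build_sample_tree(root):
    """Constructed sample layout: two hosting accounts, alice and bob."""
    for user in ("alice", "bob"):
        os.makedirs(os.path.join(root, user, "public_html"))
    bob_cfg = os.path.join(root, "bob", "public_html", "config.php")
    open(bob_cfg, "w").close()
    alice_web = os.path.join(root, "alice", "public_html")
    os.symlink(bob_cfg, os.path.join(alice_web, "cfg.txt"))    # crosses accounts
    os.symlink("/", os.path.join(alice_web, "root"))           # filesystem root
    os.symlink(alice_web, os.path.join(root, "alice", "www"))  # stays inside alice
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for link, target in find_escaping_symlinks(build_sample_tree(tmp)):
            print(f"{link} -> {target}")
```

On a real server, point it at the directory that holds the account homes; any hit under a web root is worth reviewing alongside the maldet/clamav reports mentioned in the thread.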