Exploited script

Discussion in 'Site & Server Administration' started by Namesniper, Oct 14, 2007.

  1. #1
    Hello,

    There seems to be an exploited script on the server. Someone uploaded c99shell onto the server and then executed SQL commands and deleted the data from my vBulletin database.

    I have restored the backup and deleted c99shell, but I am unsure how to find out which script was exploited. Can anyone advise?

    Also, is there a rule for mod_security to stop similar scripts from being uploaded and executed?

    Namesniper, Oct 14, 2007
  2. zebulon

    #2
    Here is my mod_security.conf file... use it if you want. It stops a lot of the BS skiddies try. It won't stop every shell, but it stops the majority of them from executing; as well, this stops a lot of the other crap that spammers and skiddies try.

    Paste into your browser or wget: acircle.us/mod_security.conf

    zebulon, Oct 14, 2007
  3. Namesniper

    #3
    Thanks.
    Can you please tell me what kind of attacks it's supposed to stop?

    Namesniper, Oct 19, 2007
  4. inworx

    #4
    It blocks scripts containing blocked phrases; for example, it prevents c99, r57 shells, etc.

    Also, you will get a few errors while posting anything on forums. Try posting

    "backdoor"

    inworx, Oct 19, 2007
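
One way to approach the question in post #1 (which script let the shell in), as an added example that is not from any poster in the thread: find when the shell file was first served, then list the successful POSTs made shortly before that, with the same client ranked first. It assumes an Apache combined-format access log; the log lines, IPs, paths and the `c99.php` file name are constructed, and `upload_candidates` is a hypothetical helper.

```python
import re
from datetime import datetime

# Constructed sample in Apache "combined" log format; the IPs, paths and
# shell file name are invented for illustration.
SAMPLE_LOG = """\
198.51.100.7 - - [13/Oct/2007:22:10:01 +0000] "GET /forum/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [13/Oct/2007:22:14:30 +0000] "GET /gallery/upload.php HTTP/1.1" 200 812 "-" "Mozilla/5.0"
203.0.113.9 - - [13/Oct/2007:22:14:52 +0000] "POST /gallery/upload.php HTTP/1.1" 200 97 "-" "Mozilla/5.0"
198.51.100.7 - - [13/Oct/2007:22:15:10 +0000] "POST /forum/newreply.php HTTP/1.1" 200 300 "-" "Mozilla/5.0"
203.0.113.9 - - [13/Oct/2007:22:15:20 +0000] "GET /gallery/files/c99.php HTTP/1.1" 200 40211 "-" "Mozilla/5.0"
203.0.113.9 - - [13/Oct/2007:22:16:02 +0000] "POST /gallery/files/c99.php HTTP/1.1" 200 1833 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def parse(log_text):
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:  # malformed lines are skipped
            rec = m.groupdict()
            rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
            rec["path"] = rec["path"].split("?", 1)[0]  # drop query string
            yield rec

def upload_candidates(log_text, shell_path, window_minutes=30):
    """Return (first shell hit, successful POSTs made shortly before it)."""
    records = sorted(parse(log_text), key=lambda r: r["ts"])
    first = next((r for r in records
                  if r["path"] == shell_path and r["status"] == "200"), None)
    if first is None:
        return None, []
    hits = [r for r in records
            if r["method"] == "POST" and r["status"].startswith(("2", "3"))
            and r["path"] != shell_path
            and 0 <= (first["ts"] - r["ts"]).total_seconds() <= window_minutes * 60]
    # Requests from the client that first fetched the shell are the strongest lead.
    hits.sort(key=lambda r: (r["ip"] != first["ip"], -r["ts"].timestamp()))
    return first, [(r["ip"], r["path"], r["ts"].isoformat()) for r in hits]

if __name__ == "__main__":
    first, leads = upload_candidates(SAMPLE_LOG, "/gallery/files/c99.php")
    print("shell first served to", first["ip"], "at", first["ts"])
    for lead in leads:
        print("candidate upload:", *lead)
```

The ranking is a heuristic: a lead is a script to review, not proof. The shell file's modification time on disk, where it survived, helps pick the right log and window.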