avatar_Marius P.

[ Video Sharing CMS v4 ] Website defaced via shell? [Non PHPVibe-related tips]

Started by Marius P.,

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Marius P.Topic starter

Hi guys!
Today I've found my websites compromised, several shell scripts in each root and so on.
So, i've google like crazy to see how this was posible.
Obviously it was an Apache issue, they injected shell via an old version of Wordpress (ALWAYS UPDATE WORDRESS and use a security plugin). They've spread all over the place with the apache vulnerability.


I did some steps to put my server back to safety:


1. Runned Linux Malware Detect (LMD) and cleaned all files from the report http://xmodulo.com/2013/03/how-to-detect-malware-on-linux.html
2. Runned ClamAv (just in case) with remove files option.
3. Updated CPanel
4. Rebuilt Apache and upgraded it.
5. Changed all ftp passwords
6. Added Suphp & mod_security
7. Shutdown Symlinks
8. Updated all CentOs packages



Hopefully this will help you guys as well if someday you bump into this issues.
Happy with my help? Buy me a coffee.
Please, always use the search before opening a new topic! We're all here on our (limited) free time! Make sure you help yourself too!
  •  

leen12

sweet thanks for the info mario im sure this will help sometime,

any idea on when v 3.3 rc 2 is out?
http://hip-hop99.com best hip hop music website
http://social-nuke.com free facebook likes and shares
https://wppluginscheap.com Wordpress plugins and themes cheap
  •  

Marius P.Topic starter

2 days tops. It's mainly done, just changing the upload class, add a shell injection security to it, a quick check and optimising a bit the crons.
Happy with my help? Buy me a coffee.
Please, always use the search before opening a new topic! We're all here on our (limited) free time! Make sure you help yourself too!
  •  

leen12

what??? are you serious? lol

i thought you would say like 3 or 4 months lmao =P

niceeee

great work mario keep it up =), i have to say i have started to see many more scripts like this and similar wordpress setups etc.. but im glad i bought this one

is there any temp fix we can get for the facebook image previews as people keep complaining im posting the same content and removing me from places etc.. lol

my videos are using the same images,

any help is appreciated thanks again

http://hip-hop99.com best hip hop music website
http://social-nuke.com free facebook likes and shares
https://wppluginscheap.com Wordpress plugins and themes cheap
  •  

Marius P.Topic starter

Happy with my help? Buy me a coffee.
Please, always use the search before opening a new topic! We're all here on our (limited) free time! Make sure you help yourself too!
  •  

leen12

http://hip-hop99.com best hip hop music website
http://social-nuke.com free facebook likes and shares
https://wppluginscheap.com Wordpress plugins and themes cheap
  •  

Marius P.Topic starter

Quote from: leen12 on
yea, ok thanks let me know when you get it fixed please  :P

Please don't use "fixed" it sounds like a bug, it's just a missing feature, not a bug :)
Happy with my help? Buy me a coffee.
Please, always use the search before opening a new topic! We're all here on our (limited) free time! Make sure you help yourself too!
  •  

leen12

http://hip-hop99.com best hip hop music website
http://social-nuke.com free facebook likes and shares
https://wppluginscheap.com Wordpress plugins and themes cheap
  •  

Similar topics (7)