
Thread: Got my "hacked/suspended" cherry broken.

  1. #1
    Member loyalrogue
    Join Date
    Apr 2004
    Location
    South Florida
    Posts
    44

    Got my "hacked/suspended" cherry broken.

    Hi all fellow Dathornians,

    I got my first notice in 3 years from Andrew that he was forced to suspend a domain of mine that was causing server problems.
    One of your domains, xxxxxxxxx.xxx, has been suspended for UDP flooding a remote server through the use of a dc.pl script that was in /tmp. This was likely accomplished through an insecure PHP script on the domain.
    It looks like a couple of old copies of PhpMyChat were still installed that were no longer being used so I deleted them and their accompanying databases.
    Does anyone else have any experience or knowledge about this particular exploit script?
    Are there any other steps I should take besides deleting the old PHP scripts?
    Any help or advice is appreciated.

  2. #2
    Administrator AndrewT
    Join Date
    Mar 2004
    Location
    Tulsa, OK
    Posts
    3,634


    The dc.pl is a common script that is uploaded and placed on user accounts; it is not specific to any particular script exploit really. But removing old/unused scripts is definitely a good start. Also simply make sure that all remaining scripts are running the latest version that is directly available from the developers.

  3. #3
    Administrator AndrewT
    Join Date
    Mar 2004
    Location
    Tulsa, OK
    Posts
    3,634


    The /tmp I was referring to is the server's /tmp, not the domain's /tmp. However, I removed that file immediately.

  4. #4
    Member loyalrogue
    Join Date
    Apr 2004
    Location
    South Florida
    Posts
    44


    Thank you for the clarification, Andrew.

    (I had just asked Andrew about not being able to find the dc.pl script in my /tmp folder but deleted my post to reword it while he was answering... sometimes the help around here is too quick.)

  5. #5
    Senior Member
    Join Date
    Mar 2004
    Posts
    329


    Is it possible to prevent running scripts in /tmp? I guess it is the most used way of running exploits, but I cannot think of a reason why Dathorn clients would use that "feature" to run scripts for their own sites.
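
On the question in post #5, an added example (not part of the thread and not Dathorn's configuration) that checks whether /tmp is its own mount carrying noexec, nosuid and nodev, and lists script-like files dropped into a directory. The function names, the extension list and the `--run` switch are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: audit /tmp hardening and look for dropped scripts.
# Caveat: noexec only blocks direct execution (./dc.pl). "perl /tmp/dc.pl"
# still works because the interpreter just reads the file, so the mount
# option has to be paired with a scan like find_scripts below.

# mount_opts MOUNTS_FILE MOUNTPOINT
# Print the options field for MOUNTPOINT from a /proc/mounts-style table
# (device mountpoint fstype options dump pass). The last entry wins,
# since a later mount shadows an earlier one on the same path.
mount_opts() {
    awk -v mp="$2" '$2 == mp { o = $4 } END { if (o != "") print o }' "$1"
}

# missing_hardening MOUNTS_FILE MOUNTPOINT
# Print which of noexec,nosuid,nodev are absent (empty output = all set),
# or "not-a-mount" when MOUNTPOINT is just a directory on another filesystem.
missing_hardening() {
    opts=$(mount_opts "$1" "$2")
    [ -n "$opts" ] || { echo "not-a-mount"; return 0; }
    missing=""
    for want in noexec nosuid nodev; do
        case ",$opts," in
            *",$want,"*) ;;
            *) missing="$missing $want" ;;
        esac
    done
    echo "${missing# }"
}

# find_scripts DIR
# List regular files under DIR that look like scripts: a script extension
# (assumed list) or a "#!" interpreter line. The exec bit is not required,
# because an interpreter can be pointed at any readable file.
find_scripts() {
    find "$1" -xdev -type f 2>/dev/null | while IFS= read -r f; do
        case "$f" in
            *.pl|*.py|*.sh|*.php) printf '%s\n' "$f"; continue ;;
        esac
        if [ "$(head -c 2 "$f" 2>/dev/null)" = "#!" ]; then
            printf '%s\n' "$f"
        fi
    done | sort
}

# Report on the live system only when asked: sh audit_tmp.sh --run
if [ "${1:-}" = "--run" ]; then
    echo "/tmp missing options: $(missing_hardening /proc/mounts /tmp)"
    find_scripts /tmp
fi
```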
