Got my "hacked/suspended" cherry broken.

  • loyalrogue
    Member
    • Apr 2004
    • 44

    Got my "hacked/suspended" cherry broken.

    Hi all fellow Dathornians,

    I got my first notice in 3 years from Andrew that he was forced to suspend a domain of mine that was causing server problems.
    One of your domains, xxxxxxxxx.xxx, has been suspended for UDP flooding a remote server through the use of a dc.pl script that was in /tmp. This was likely accomplished through an insecure PHP script on the domain.
    It looks like a couple of old copies of PhpMyChat were still installed that were no longer being used so I deleted them and their accompanying databases.
    Does anyone else have any experience or knowledge about this particular exploit script?
    Are there any other steps I should take besides deleting the old PHP scripts?
    Any help or advice is appreciated.
  • AndrewT
    Administrator
    • Mar 2004
    • 3653

    #2
    The dc.pl is a common script that is uploaded and placed on user accounts; it is not specific to any particular script exploit really. But removing old/unused scripts is definitely a good start. Also, simply make sure that all remaining scripts are running the latest version that is directly available from the developers.

    • AndrewT
      Administrator
      • Mar 2004
      • 3653

      #3
      The /tmp I was referring to is the server's /tmp, not the domain's /tmp. However, I removed that file immediately.

      • loyalrogue
        Member
        • Apr 2004
        • 44

        #4
        Thank you for the clarification, Andrew.

        (I had just asked Andrew about not being able to find the dc.pl script in my /tmp folder but deleted my post to reword it while he was answering... sometimes the help around here is too quick.)

        • Pedja
          Senior Member
          • Mar 2004
          • 329

          #5
          Is it possible to prevent running scripts in /tmp? I guess it is the most used way of running exploits, but I cannot think of a reason why Dathorn clients would use that "feature" to run scripts for their own sites.
