root exploits

hetzbh
Junior Member
Posts: 3
Joined: 11 Jan 2013, 23:24

root exploits

Post by hetzbh »

Hi,

I'm using CSF (btw, where can I see which version is it?) and I just found one of my servers has been hacked.
Looking at the /var/log/lfd.log, I see that a user which was created by the attacker ("ghost") is using a security exploit to gain root, but I didn't get any email nor did I find the following details:

1. Which security exploit is it?
2. How can I automatically block the offending IP?

I looked across the csf.conf and I didn't find such options anywhere. Could you please tell me which options to set for the 2 items?

How do I really see which security exploit that damn kid used? This is the most important issue for me.

One last thing: I was hacked by this "Ghost Iraq" - any good web site where I can find which exploit they use and how I can block it?

Thanks,
Hetz
abubin2
Junior Member
Posts: 2
Joined: 15 Jan 2013, 07:13

Re: root exploits

Post by abubin2 »

Most hacking is done from the application level nowadays. Assuming your box has already been hardened, they will usually hack through exploits from un-updated wordpress or phpmyadmin.

I have had an attack from phpmyadmin before. The default phpmyadmin has a setup folder which is full of vulnerabilities. I usually remove the whole setup folder whenever I install phpmyadmin.

As for how you got hacked, you need to check your logs and analyse them. Sometimes you might find traces and sometimes nothing. It's not easy to find.
hetzbh
Junior Member
Posts: 3
Joined: 11 Jan 2013, 23:24

Re: root exploits

Post by hetzbh »

Hacking wordpress will give you the account, not root level access.

My question was about csf itself: it shows a message about a security exploit, so why not show the process name/pid where it happens? That would make life much easier to trace and fix.
Black Tiger
Junior Member
Posts: 73
Joined: 17 Feb 2009, 14:14
Contact:

Re: root exploits

Post by Black Tiger »

(btw, where can I see which version is it?)
In ssh console type the following:

csf -v
You will get an output like this:
csf: v5.73 (cPanel)
elrohir
Junior Member
Posts: 1
Joined: 28 Jan 2013, 10:04
Contact:

Re: root exploits

Post by elrohir »

Hacking wordpress is done from application level.
I'm not sure it's not root level access.