Links are added automatically in the index page of the website – adsttnmq1/sdioyslkjs2 attack

February 9, 2010 · Filed Under Site and Server Security · Comments 

Recently I faced a problem with one of the websites in which many links were added automatically to the index page. The FTP password was reset many times but it didn’t fix the problem. There were not even any logs of FTP access for this website.

After checking all the files/folders of this website, I found some suspicious files in one folder. There was a PHP script, along with other files, which was adding the spam links to the homepage. The script was simply called by the attacker, who passed a text file as a query string.

This is not an attack on the website but it seems they were adding the links just to populate their keywords in the search engine. I was not sure from where these malicious files were uploaded but after removing these files, I have not faced the problem again.

Just for the information, the link code was started using tag.

Prevent the user nobody from sending email from cPanel server

December 13, 2009 · Filed Under cPanel Hosting Tutorials · Comments 

If PHP scripts run as the Apache user on a cPanel server, it is difficult to identify the responsible account when someone sends a large amount of email through a PHP script, because every message is sent as the user nobody. cPanel provides a setting to block email sent by the user nobody. To enable this option, follow the steps below:

- Login to your WHM.

- Go to Server Configuration -> Tweak Settings.

- Select option “Prevent the user “nobody” from sending out mail to remote addresses (PHP and CGI scripts generally run as nobody if you are not using PHPSuexec and Suexec respectively.)” and save it.

Please note that if PHP processes run as the user nobody and you enable the above option, your clients will not be able to send email outside their own domains using the PHP mail() function.

Kailash Aghera

Wordpress and mod_security2 issues

November 29, 2009 · Filed Under Site and Server Security · Comments 

ModSecurity is an open source web application firewall. It helps prevent attacks on websites, such as SQL injection and command execution via the browser. However, it may break some applications installed on your website. With ModSecurity2, you cannot bypass a rule by ID from your .htaccess file.

If your hosting provider has enabled mod_security with Apache, you may face problems posting topics, uploading images, inserting images in a post and so on. Since ModSecurity2 does not allow rules to be bypassed by ID via .htaccess, you will have to contact your hosting provider to bypass some rules for your website. ModSecurity provides a facility to bypass rules based on location: you will need to create a global whitelist configuration file that bypasses certain rules for specific locations.

Recently, I faced a problem uploading and inserting images in a post. After reading some websites, I found some global rules, and I bypassed some ModSecurity rules using a global whitelist configuration file, which fixed my problem. The rules that I bypassed are as follows (I have put a space before LocationMatch and /LocationMatch. Remove that space in your configuration file):


< LocationMatch "/wp-admin/post.php">
SecRuleRemoveById 300015 300016 300017 950907 950005 950006 960008 960011 960904
SecRuleRemoveById phpids-17
SecRuleRemoveById phpids-20
SecRuleRemoveById phpids-21
SecRuleRemoveById phpids-30
SecRuleRemoveById phpids-61
< /LocationMatch>

< LocationMatch "/wp-admin/admin-ajax.php">
SecRuleRemoveById 300015 300016 300017 950907 950005 950006 960008 960011 960904
SecRuleRemoveById phpids-17
SecRuleRemoveById phpids-20
SecRuleRemoveById phpids-21
SecRuleRemoveById phpids-30
SecRuleRemoveById phpids-61
< /LocationMatch>

< LocationMatch "/wp-admin/page.php">
SecRuleRemoveById 300015 300016 300017 950907 950005 950006 960008 960011 960904
SecRuleRemoveById phpids-17
SecRuleRemoveById phpids-20
SecRuleRemoveById phpids-21
SecRuleRemoveById phpids-30
SecRuleRemoveById phpids-61
< /LocationMatch>

< LocationMatch "/wp-admin/options.php">
SecRuleRemoveById 300015 300016 300017 950907 950005 950006 960008 960011 960904
SecRuleRemoveById phpids-17
SecRuleRemoveById phpids-20
SecRuleRemoveById phpids-21
SecRuleRemoveById phpids-30
SecRuleRemoveById phpids-61
< /LocationMatch>

< LocationMatch "/wp-admin/theme-editor.php">
SecRuleRemoveById 300015 300016 300017 950907 950005 950006 960008 960011 960904
SecRuleRemoveById phpids-17
SecRuleRemoveById phpids-20
SecRuleRemoveById phpids-21
SecRuleRemoveById phpids-30
SecRuleRemoveById phpids-61
< /LocationMatch>

< LocationMatch "/wp-includes/">
SecRuleRemoveById 960010 960012 950006
SecRuleRemoveById phpids-17
SecRuleRemoveById phpids-20
SecRuleRemoveById phpids-21
SecRuleRemoveById phpids-30
SecRuleRemoveById phpids-61
< /LocationMatch>

Hope this will help others who are facing a similar problem in their WordPress blog with mod_security.

Kailash Aghera
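
An added example (not code from the original post) that audits a whitelist like the one above: it parses the LocationMatch blocks in the spaced form published here, reports which rule IDs are switched off for a given request path, and shows how anchoring the patterns narrows the exemption. The sample config is constructed from two of the post's blocks, Python's re.search stands in for Apache's regex matching, and all function names are hypothetical.

```python
import re

# Constructed sample: two of the post's blocks, shortened to one phpids rule each.
SAMPLE = '''
< LocationMatch "/wp-admin/post.php">
SecRuleRemoveById 300015 300016 300017 950907 950005 950006 960008 960011 960904
SecRuleRemoveById phpids-17
< /LocationMatch>
< LocationMatch "/wp-includes/">
SecRuleRemoveById 960010 960012 950006
SecRuleRemoveById phpids-17
< /LocationMatch>
'''

# Tolerate the space after "<" that the post inserts for display.
OPEN = re.compile(r'<\s*LocationMatch\s+"([^"]+)"\s*>', re.I)
CLOSE = re.compile(r'<\s*/LocationMatch\s*>', re.I)
REMOVE = re.compile(r'^\s*SecRuleRemoveById\s+(.+)$', re.I)

def parse_whitelist(text):
    """Return {location_pattern: [rule ids removed there]} in file order."""
    result, current = {}, None
    for line in text.splitlines():
        m = OPEN.search(line)
        if m:
            current = m.group(1)
            result.setdefault(current, [])
        elif CLOSE.search(line):
            current = None
        elif current is not None:
            r = REMOVE.match(line)
            if r:
                result[current].extend(r.group(1).split())
    return result

def exempted_rules(whitelist, uri_path):
    """Rule ids switched off for uri_path. LocationMatch patterns are regexes
    matched anywhere in the path, so an unanchored search models them."""
    ids = []
    for pattern, removed in whitelist.items():
        if re.search(pattern, uri_path):
            ids += [i for i in removed if i not in ids]
    return ids

def anchored(pattern):
    """Tightened form: match from the start of the path, dots taken literally.
    Assumes WordPress sits at the site root and the pattern has no other regex."""
    return '^' + pattern.replace('.', r'\.') + ('' if pattern.endswith('/') else '$')
```

With the patterns as published, any path that merely contains /wp-includes/ loses those rules; the anchored form limits the exemption to the intended paths.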

How To Start/Restart/Stop iptables and auto start at boot

October 9, 2009 · Filed Under Linux Commands · Comments 

You can use the following commands to start/restart/stop iptables on your Linux server:

To start iptables:
service iptables start

To stop iptables:
service iptables stop

To restart iptables:
service iptables restart

You can determine whether iptables is running or not using the following command:

service iptables status

You can also configure iptables to start automatically on boot. You will need to use the chkconfig command to turn it on:

chkconfig iptables on

To use the above commands, you will need root access to your server.

Kailash

cPanel for Windows – cPanel Enkompass

September 10, 2009 · Filed Under Business NEWS, Web Hosting Control Panels · Comments 

cPanel, the leading Web hosting control panel software provider, has released their beta product Enkompass for Windows Server 2008. Enkompass installs on one IIS7 Server and reaches out to host web sites on multiple web servers, mail servers and database servers and we can add servers easily to expand our capacity.

cPanel is planning to provide almost all of the features currently available in cPanel/WHM; however, they have not committed to this. Below are the expected features of Enkompass:

Administrator/Reseller Interface Features:

[1] Server configuration

- Admin Password
- Tweak Settings
- Manage Servers

[2] Support
- Support Center

[3] Reseller
- Reseller Center
- Show Reseller Accounts

[4] Languages
- Clone/Create a New Language
- Upload a Language File
- Download/Delete a Language File

[5] Backup
- Configure Backup
- Restore Backups

[6] Account information
- List Accounts
- List Parked Domains
- List Subdomains

[7] Account functions
- Create a New Account
- Modify an Account
- Password Modification
- Quota Modification
- Suspend/Unsuspend Accounts
- Terminate an Account
- Restart Users Websites

[8] Multi – Account Functions
- Modify/Upgrade Multiple Accounts
- Terminate Multiple Accounts

[9] Plans
- Add Plans
- Edit/Delete Plans
- Copy plans

[10] DNS Functions

- Add DNS Zone
- Delete a Zone
- Edit MX entry
- Park a Domain

[11] MySQL Services
- Change a MySQL User Password
- Check/Repair a Database

[12] MS SQL Services
- Change a MS SQL User Password
- Repair a MS SQL Database

[13] IP Functions
- Add a New IP Address
- Show IP Address Usage
- Show/Delete current IPs
- Add Reserved IPs
- Edit/Delete Reserved IPs

[14] System Health
- Current CPU Usage
- Current Disk Usage
- Current Running Processes

[15] Themes
- Clone Theme

[16] cPanel
- Modify WHM News

[17] Server SSL / TLS
- Generate/Request a SSL Certificate
- Install a SSL Certificate
- Activate a SSL Certificate
- Manage FTP Bindings

End user features:

[1] Preferences
- Getting Started Wizard
- Change User Password
- Update Contact Info
- Change Language
- Branding Editor
- Change Style
- Shortcuts

[2] Mail
- Submit a Support Request
- Email Accounts
- Log into Webmail
- Mail Forwarders
- Auto Responders
- Default Address
- Mailing Lists
- MX Entry

[3] Files
- Restore System Backups
- User Backups
- File Manager
- Disk Space Usage
- FTP Accounts

[4] Logs
- Latest Visitors

[5] Security
- Password Protect Directories
- IP Deny Manager
- SSL/TLS Manager

[6] Domains
- Sub Domains
- Addon Domains
- Parked Domains
- Redirect Pages

[7] Databases
- Create MySQL Database
- Manage MySQL User
- Create MS SQL Database
- Manage MS SQL Users

[8] Advanced
- MIME Types
- Error Pages
- Directory Browsing
- Network Tools
- WebHost Manager
- Restart Websites

For more details, you may visit this article.

Kailash Aghera
