store | blogs | forums | twitter | facebook | wiki | downloads | support portal
Atomic Secure Linux
It is currently Wed Oct 01, 2014 8:12 am

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]




Post new topic Reply to topic  [ 17 posts ]  Go to page Previous  1, 2
Author Message
 Post subject: Re: Proftpd exploit with plesk
Unread postPosted: Sat Mar 03, 2012 7:48 pm 
Offline
Long Time Forum Regular
Long Time Forum Regular

Joined: Thu Dec 09, 2004 11:19 am
Posts: 2058
EvolutionCrazy wrote:
Or does anybody that got a server running with plesk before september 2011 have to consider it "rooted"? :/


Potentially ... but this is very unlikely.

The recon happened in January. If you were vulnerable then, AND you were reconned AND (various other things) then your system's security would be in doubt.

There's also a few other things that people could have done - with hindsight! e.g. change Plesk's port, or block 8443 from the internet at your edge firewall, and set up a login page on the network that redirects to it (and is allowed). That would stop most recons.

Nobody has said where the recons came from, but I'm betting cn/ru/ro/ua IP-space? Or did they hire a botnet for the purpose?

_________________
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>


Last edited by faris on Sat Mar 03, 2012 8:58 pm, edited 1 time in total.

Top
 Profile  
 
 Post subject: Re: Proftpd exploit with plesk
Unread postPosted: Sat Mar 03, 2012 7:53 pm 
Offline
Forum User
Forum User

Joined: Wed Jun 01, 2005 5:52 pm
Posts: 67
On the machines i was asked to inspect there were traces from everywhere.... Lot from the us.

Yeah a lot of things could have been done..... Even doing a rpm -e psa could have helped us all...

We need proper explanations from whose has access to the sources of agent. Php.....


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 17 posts ]  Go to page Previous  1, 2

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 4 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group