

New (Patched) cPanel Vulnerabilities?




Posted by w00ts!te, 05-24-2007, 01:52 PM
I keep getting these types of accesses in a few of my servers.

42-1 - 0/0/18 . 0.00 512957 0 0.0 0.00 0.15 86.127.9.63 (unavailable) GET /publisher HTTP/1.0
43-1 - 0/0/13 . 0.00 512955 0 0.0 0.00 0.40 86.127.9.63 (unavailable) HEAD /_vti_bin/_vti_aut/fp30reg.dll HTTP/1.1
44-1 - 0/0/14 . 0.00 512960 0 0.0 0.00 0.17 86.127.9.63 (unavailable) GET /cgi-bin/phf HTTP/1.0
45-1 - 0/0/11 . 0.00 512954 0 0.0 0.00 0.17 86.127.9.63 (unavailable) GET /domcfg.nsf/?open HTTP/1.0
46-1 - 0/0/14 . 0.00 512951 0 0.0 0.00 0.29 86.127.9.63 (unavailable) GET /null.htw HTTP/1.0
47-1 - 0/0/12 . 0.00 512959 0 0.0 0.00 0.44 86.127.9.63 (unavailable) GET /orders/orders.txt HTTP/1.0
48-1 - 0/0/8 . 0.00 512960 0 0.0 0.00 0.17 86.127.9.63 (unavailable) GET /mall_log_files/order.log HTTP/1.0
49-1 - 0/0/5 . 0.00 512957 0 0.0 0.00 0.20 86.127.9.63 (unavailable) GET /whois_raw.cgi HTTP/1.0
50-1 - 0/0/2 . 0.00 512960 0 0.0 0.00 0.14 86.127.9.63 (unavailable) GET /cgi-bin/whois_raw.cgi HTTP/1.0
51-1 - 0/0/3 . 0.00 512954 0 0.0 0.00 0.20 86.127.9.63 (unavailable) GET /cgi-bin/ HTTP/1.0
52-1 - 0/0/3 . 0.00 512955 0 0.0 0.00 0.19 86.127.9.63 (unavailable) GET /cgi-bin/uptime HTTP/1.0
53-1 - 0/0/2 . 0.00 512955 0 0.0 0.00 0.00 86.127.9.63 (unavailable) GET /ifx/?LO=../../../etc/passwd HTTP/1.0
54-1 - 0/0/2 . 0.00 512954 0 0.0 0.00 0.01 86.127.9.63 (unavailable) GET /cgi-bin/webbbs.cgi HTTP/1.0
55-1 - 0/0/2 . 0.00 512949 0 0.0 0.00 0.02 86.127.9.63 (unavailable) GET /root HTTP/1.0
56-1 - 0/0/2 . 0.00 512949 0 0.0 0.00 0.08 86.127.9.63 (unavailable) GET /quikstore.cfg HTTP/1.0
57-1 - 0/0/3 . 0.00 512954 0 0.0 0.00 0.01 86.127.9.63 (unavailable) GET /cgi/ HTTP/1.0

The IP had been globally banned and I think cPanel has already come out with a patch for it so this topic is kind of a "by the way" for some admins.

Posted by Patrick, 05-24-2007, 01:56 PM
Looks like someone is running a very outdated web vulnerability scanner against your box. Hell, one of those exploits (phf) is from 1996.

Posted by w00ts!te, 05-24-2007, 03:35 PM
I don't see why someone would still run those as cPanel is updated constantly... especially those old vulnerabilities.
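
Added example, not part of the thread: a small detector that reads Apache server-status rows in the layout pasted above and flags any client requesting several distinct legacy probe paths. The pattern list is drawn from the paths quoted in the thread and is illustrative, not complete; the 192.0.2.10 rows are constructed, and `find_scanners` and its threshold are hypothetical names and values.

```python
import re
from collections import defaultdict

# Probe paths seen in the scan quoted in the thread (illustrative, not exhaustive).
PROBE_RE = re.compile("|".join([
    r"^/cgi-bin/phf\b",
    r"^/_vti_bin/_vti_aut/fp30reg\.dll",
    r"^/domcfg\.nsf",
    r"^/null\.htw",
    r"whois_raw\.cgi",
    r"\.\./.*etc/passwd",          # directory traversal toward /etc/passwd
    r"^/quikstore\.cfg",
    r"^/orders/orders\.txt",
]), re.IGNORECASE)

# Tail of a server-status row: client IP, vhost, then the request line.
ROW_RE = re.compile(
    r"(?<![\d.])(?P<client>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<vhost>\S+)\s+"
    r"(?P<method>[A-Z]+)\s+(?P<path>\S+)\s+HTTP/\d\.\d\s*$"
)

def find_scanners(lines, min_distinct=3):
    """Return {client_ip: sorted probe paths} for clients that requested
    at least min_distinct different probe paths."""
    hits = defaultdict(set)
    for line in lines:
        m = ROW_RE.search(line)
        if m and PROBE_RE.search(m.group("path")):
            hits[m.group("client")].add(m.group("path"))
    return {ip: sorted(p) for ip, p in hits.items() if len(p) >= min_distinct}

# Rows for 86.127.9.63 are copied from the thread; rows for 192.0.2.10 are constructed.
SAMPLE = [
    "42-1 - 0/0/18 . 0.00 512957 0 0.0 0.00 0.15 86.127.9.63 (unavailable) GET /publisher HTTP/1.0",
    "43-1 - 0/0/13 . 0.00 512955 0 0.0 0.00 0.40 86.127.9.63 (unavailable) HEAD /_vti_bin/_vti_aut/fp30reg.dll HTTP/1.1",
    "44-1 - 0/0/14 . 0.00 512960 0 0.0 0.00 0.17 86.127.9.63 (unavailable) GET /cgi-bin/phf HTTP/1.0",
    "45-1 - 0/0/11 . 0.00 512954 0 0.0 0.00 0.17 86.127.9.63 (unavailable) GET /domcfg.nsf/?open HTTP/1.0",
    "53-1 - 0/0/2 . 0.00 512955 0 0.0 0.00 0.00 86.127.9.63 (unavailable) GET /ifx/?LO=../../../etc/passwd HTTP/1.0",
    "60-1 - 0/0/4 . 0.00 512960 0 0.0 0.00 0.10 192.0.2.10 (unavailable) GET /index.html HTTP/1.1",
    "61-1 - 0/0/4 . 0.00 512960 0 0.0 0.00 0.10 192.0.2.10 (unavailable) GET /orders/orders.txt HTTP/1.1",
]

if __name__ == "__main__":
    for ip, paths in find_scanners(SAMPLE).items():
        print(ip, len(paths), "probe paths:", ", ".join(paths))
```

Counting distinct probe paths per client, rather than alerting on any single match, keeps one stray 404 from a broken link from looking like a scan.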


