Now a fresh attack, the third in those 10 days.

I thought this was being addressed?

Still, I’m getting quicker at fixing my infected files now. Perhaps I’ll write a cron job to do it for me if it’s going to be a weekly feature…

If this is only affecting 1% of your servers, why haven’t you found any 777 files on those servers and changed their permissions? (If that’s how the infection happens)

Oh, and some irony. A problem that started last Tuesday was finally fixed this morning (5 days of not being able to use phpMyAdmin) – today would have been the first time I’ve been able to work on my database.

But of course phpMyAdmin is no longer usable again because this freakin vulnerability has trashed the cpanel files again.

I despair!

Unfortunately you misunderstood me as I put NO blame on your staff. They do the absolute best job that they are capable of doing with the knowledge they have and with the time they are given to work on such tasks.

Can you explain to me why PHPsuexec has NOT been put on the servers when it has been available for 2 yrs?

And is the problem seated more with an unpatched cPanel on an older machine with an older version of cPanel?

I’ve been with Kiosk for over 8 yrs now, almost from the beginning of the company. I believed in the company, enjoyed the fact that you were Canadian based and loved the personal touch that you and your staff offered. I want to continue doing so.

Daryl Austman
http://www.greymouse.com

I agree, we tried that and it caused us a ton of headaches when people did not know how to change permissions to 755. However, you are 150% correct, currently 50% are using phpsuexec and we will now enable it on all servers and then teach people how to fix their scripts. We have always used suexec for cgi. Thanks so much for your input

Joel

I would love to type more but, the internet at this Hotel in Texas is REALLY bad

(from http://www.hostmagik.info/phpsuexec.php)

PHP as a CGI with Suexec

When PHP runs as a CGI with Suexec, PHP files work under your user/group. PHP files no longer require loose permissions to function, now they will require strict permissions. Setting your directories or PHP files to 777 will cause them to produce a 500 Internal Server Error, this happens to protect your PHP files from being abused by outside sources.

Under PHPSuexec your directories and PHP files can have permissions no greater than 755 (read/write/execute by your username, read/execute by group/world). Since you own your files, your scripts can function in any directory your user has created and can’t be manipulated by any outside users, including “nobody”.

Now, when a PHP file creates or uploads a new file under your account, the new file will be owned by your username. You will no longer have to worry about the webserver taking over your files and even more important, you will no longer have to worry about a stranger reading or writing to your files either!

This is what makes it so difficult. If even just one php file is 777 on the whole server then it creates a hole for everyone. Our team is making a software now to automatically change all permissions that are insecure to 644. Im getting an update now from them while in Texas, I will post againhere soon.

Thanks so much for your patience on this

Joel