Announcement

Collapse
No announcement yet.

Hack on my site ?

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
    #1

    Hack on my site ?

    My web host send me a mail on sunday telling me that the system of surveillance detected an irregular operation on my site.
    >> Problem encountered : Hidden PERL script
    >> Order : [suexec]
    >> Program used : /usr/bin/perl
    >> When: Sun Jul 1 14:13:43 CEST 2007.
    They said that this is not allowed on their system, and stop my website.
    I check the operation at this time and find :
    [01/Jul/2007:14:13:43 +0200] "POST /cgi-bin/cm000001.pl HTTP/1.1" 500 603 "http://www.supreme.fr/cgi-bin/ca000001.pl?ACTION=SHOWCART" "Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.8.0.12) Gecko/20070508 Firefox/1.5.0.12"
    mna75-12-88-165-242-93.fbx.proxad.net www.supreme.fr -
    It doesn't appear as something dangerous, but I don't understand perl. So ?
    Didier
    www.supreme.fr
    _____________________
    Saint Malo. France
    Tags: None
    #2
    well Mr. Stonda, the suEXEC is an apache function that lets users other than the web user execute applications in the cgi-bin.

    here is a page about it: suExec

    I can understand why they'd ban you for that. your web host will know more.

    Comment

      #3
      Thank you Gabriel. Yes on sunday I went to see the page about suEXEC. So if the banned me on Sunday, thay will ban me again !
      What is the solution to prevent from this ? Is it a problem on my own script ?
      Thanks
      Didier
      www.supreme.fr
      _____________________
      Saint Malo. France

      Comment

        #4
        i'm afraid this is s new one to me.

        i open up this problem to more server technical people on the forum.

        also, do you mean viewing in your browser? i doubt that viewing a page in your browser about a server technology can cause your webserver to stop people viewing your webpages. they are seperate services.

        Comment

          #5
          Originally posted by gabrielcrowe
          also, do you mean viewing in your browser?
          I don't understand your question. I just received the message from my host, telling that there is a problem on a script and they must close my site to prevent from kacking. Checking the time, I find that it was this script. And they ask me to check the script as there is probably a problem on it. So ?
          Didier
          www.supreme.fr
          _____________________
          Saint Malo. France

          Comment

            #6
            The script seems to be the one used to show the basket, and I don't change it. So what can I do to prevent from this problem again ?
            Didier
            www.supreme.fr
            _____________________
            Saint Malo. France

            Comment

              #7
              Checking this for you. Like Gabriel mentioned your looking up what this is would not have caused you to be banned. It is the usage on your cart that has caused the banning. I think you should ask your host as to what can be done to enhance the configuration on the server. I am running this past development and will update you with what they have to say.

              Kind regards,
              Bruce King
              SellerDeck

              Comment

                #8
                Thanks Bruce. I sent a mail to my host, but it's always the same : it comes from me, and if I need information, I need to pay somebody : nothing for free !
                I received a mail from Bill Campbell : he confirms that nothing have been changed on this script, so you're right : the host must do something to enhance the configuration on the server.
                Didier
                www.supreme.fr
                _____________________
                Saint Malo. France

                Comment

                Previous template Next
                Working...
                X