Hey Frenzz... Users of the Parallels Plesk hosting control panel are reporting servers being compromised through a vulnerability in the web interface's file manager, which ships with the panel. After the vulnerability is exploited, a Perl script with a randomly chosen name is placed in the directory /var/www/vhosts/DOMAINNAME/cgi-bin/ and registered in cron. Plesk 9.5 and earlier are affected. A fix for the vulnerability has not yet been released. As a workaround, it is recommended to restrict access to the web panel.
The script's code can be found on pastebin; judging by the comments in Russian, it was written by our countrymen. The script connects the victim server to a botnet used for DDoS attacks. It supports a proxy mode and several attack modes, and accepts commands from multiple control servers. To check for the malicious script, look in the /var/www/vhosts/[a-z]*/cgi-bin/ directories for files with odd names, the ".pl" extension and a recent modification date.
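The check described above, as an added example (not code from the original post or from Parallels): it lists recently modified ".pl" files in each domain's cgi-bin directory and marks the ones that a crontab refers to. The function names are hypothetical, and the 30-day window and the /var/spool/cron spool path are assumptions to adjust for your system.

```shell
#!/bin/sh
# Added example. Assumes GNU or BSD find/grep (-path, -iname, grep -r).

# find_recent_cgi_perl ROOT DAYS
# Print every *.pl file below ROOT/<domain>/cgi-bin/ whose modification
# time is less than DAYS days old, one path per line, sorted.
find_recent_cgi_perl() {
    root=$1
    days=$2
    find "$root" -type f -path '*/cgi-bin/*' -iname '*.pl' \
        -mtime "-$days" 2>/dev/null | sort
}

# scan_plesk_cgi ROOT DAYS CRONDIR
# For each recent script, print "CRON <path>" if any file under CRONDIR
# mentions that exact path (the post says the script is registered in
# cron), otherwise "FILE <path>". Paths containing newlines are not handled.
scan_plesk_cgi() {
    root=$1
    days=$2
    crondir=$3
    find_recent_cgi_perl "$root" "$days" | while IFS= read -r f; do
        if grep -rqF -- "$f" "$crondir" 2>/dev/null; then
            echo "CRON $f"
        else
            echo "FILE $f"
        fi
    done
}

# Defaults are assumptions: the vhosts path is the one named in the post,
# the cron spool location differs between distributions.
VHOSTS_ROOT=${VHOSTS_ROOT:-/var/www/vhosts}
CRON_DIR=${CRON_DIR:-/var/spool/cron}
DAYS=${DAYS:-30}

if [ -d "$VHOSTS_ROOT" ]; then
    scan_plesk_cgi "$VHOSTS_ROOT" "$DAYS" "$CRON_DIR"
fi
```

Lines marked CRON deserve attention first; a FILE line may simply be a script the site owner uploaded recently, so compare it with what the domain is expected to run.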