Preventing Symlink hacks
Posted by Dawg, 12-05-2011, 07:28 PM |
I just watched a disturbing video on YouTube where a hacker gained access to an updated vBulletin forum admin account in a matter of 2 minutes.
Now, this has me very worried because I have a pretty busy forum.
I have read mixed answers on how to stop this hack. None of which seem to work for all.
At the very least will moving your config files out of the Public_HTML folder help? Can any of you experts tell us what you are doing to prevent this kind of hack?
Thanks.
|
Posted by techstubble, 12-05-2011, 07:36 PM |
Could you post a link to the video? I'd be more than happy to provide security related advice, but need to know more on the specifics of the attack first.
|
Posted by Dawg, 12-05-2011, 07:37 PM |
Not sure what the rules are on that. Can those types of videos be posted here?
|
Posted by techstubble, 12-05-2011, 07:51 PM |
Good question. Mods?
|
Posted by brianoz, 12-06-2011, 07:28 AM |
mod_security
ensure config files cannot be read - use .htaccess directives
CSF
hardened server
... without knowing the nature of the hack it's fairly difficult to advise.
|
Posted by Patrick, 12-06-2011, 09:38 AM |
http://forums.cpanel.net/f185/how-pr...rs-202242.html
Fix:
http://forums.cpanel.net/f185/how-pr...tml#post996441
The fix is done by Steven of Rack911. He's a well known member of WHT so it's totally safe to install.
|
Posted by Steven, 12-06-2011, 10:59 PM |
Assuming that's what happened in the video (I do suspect it is).
For litespeedtech the listed fixes in that thread will work fine:
Such as the following:
Add to: /usr/local/apache/includes/pre_virtualhost_global.conf
We recommend the Apache patch for Apache instead of the above fix, because it prevents having to modify every account's .htaccess for FollowSymLinks, but instead treats FollowSymLinks as SymLinksIfOwnerMatch in the core.
Last edited by Steven; 12-06-2011 at 11:03 PM.
|
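Added example, not part of the thread and not the Rack911 patch: an audit script that walks a document root and reports the two conditions the last post is concerned with, symlinks whose target is owned by a different user than the link (the comparison SymLinksIfOwnerMatch makes) and .htaccess files that enable plain FollowSymLinks. The function names and the `stat_target` parameter are hypothetical; the directory to scan is passed on the command line.

```python
import os
import stat
import sys


def followsymlinks_lines(htaccess_text):
    """Return the Options lines that enable plain FollowSymLinks."""
    hits = []
    for line in htaccess_text.splitlines():
        tokens = line.split("#", 1)[0].split()  # drop comments
        if tokens and tokens[0].lower() == "options":
            # "-FollowSymLinks" and "SymLinksIfOwnerMatch" do not match here
            if any(t.lower().lstrip("+") == "followsymlinks" for t in tokens[1:]):
                hits.append(line.strip())
    return hits


def audit_docroot(root, stat_target=os.stat):
    """Report cross-owner symlinks and FollowSymLinks in .htaccess under root.

    stat_target is a hypothetical hook (default os.stat) so the owner check
    can be exercised without root privileges.
    """
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            link = os.lstat(path)  # owner of the link itself
            if stat.S_ISLNK(link.st_mode):
                try:
                    target = stat_target(path)  # owner of what it points to
                except OSError:
                    continue  # dangling link, nothing to serve
                if target.st_uid != link.st_uid:
                    findings.append(
                        ("cross-owner-symlink", path, os.path.realpath(path)))
            elif name == ".htaccess":
                with open(path, errors="replace") as fh:
                    for hit in followsymlinks_lines(fh.read()):
                        findings.append(("followsymlinks", path, hit))
    return findings


if __name__ == "__main__" and len(sys.argv) == 2:
    for kind, path, detail in audit_docroot(sys.argv[1]):
        print(kind, path, detail, sep="\t")
```
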