Vulnerable scripts report from host

For questions and problems with the CMS core. This board is NOT for any 3rd party modules, addons, PHP scripts or anything NOT distributed with the CMS made simple package itself.
DCX
Forum Members
Posts: 31
Joined: Fri Jan 09, 2009 7:35 am

Post by DCX »

I have a security concern regarding a warning from the company that manages my dedicated server. This may have nothing to do with CMSMS but I want to know if others have encountered this and if it might be related.

This is a clean install of CMSMS with no mods of any kind.

CMSMS V1.6.6
System: Linux
Apache 1.2.14
PHP 5.2.9
MYSQL 5.0.81

Message from hosting company follows. I did not create the tnp folder they refer to. I found the tnp folder in public_html was created by user 0 nobody on Apache.
---------------------------------------------------------

We have received an abuse report regarding your server 'server.myserver.com'. As per the report, there were so many suspicious attempts from your server via SSH.

We could see some vulnerable scripts under the account 'mydomain.com' that caused all those suspicious attempts.

========================
[/home/acctname/public_html/tnp]# ll
total 544
drwxr-xr-x 4 acctname acctname 4096 Nov 25 21:21 ./
drwxr-x--- 12 acctname nobody 4096 Nov 23 06:37 ../
-rw-r--r-- 1 acctname acctname 77 Nov 23 09:46 conf.conf
-rw-r--r-- 1 acctname acctname 276 Nov 23 07:39 jailsh.php
-rw-r--r-- 1 acctname acctname 23638 Nov 23 06:21 List.txt
-rw-r--r-- 1 acctname acctname 2266 Nov 22 13:21 scn.txt
-rw-r--r-- 1 acctname acctname 9559 Nov 23 09:26 s.txt
drwxr-xr-x 3 acctname acctname 4096 Nov 23 12:25 tmp/
drwxr-xr-x 2 acctname acctname 4096 Nov 25 18:01 unixcod/
-rw-r--r-- 1 acctname acctname 487243 Nov 23 06:54 unixco.tar.gz
[/home/acctname/public_html/tnp]#
========================

Currently we have disabled the folder 'tnp' under this account.

Also we suggest you to install CSF firewall that will be more secure and also will prevent the server from any vulnerable attempt.
Dr.CSS
Moderator
Posts: 12711
Joined: Thu Mar 09, 2006 5:32 am

Re: Vulnerable scripts report from host

Post by Dr.CSS »

Sounds like you run your own server and need to tighten up the security etc., by installing a firewall...