Results 1 to 5 of 5

Thread: c99 shell is NOT part of cpanel

  1. #1

    c99 shell is NOT part of cpanel

    Funniest and scariest thing I've seen this week..

    What can you do when you try to warn a webhost that their server has been hacked, and that the server has been compromised with a c99 shell script.

    On top of that the hacked server is linked to active phishing sites you can plainly see in google results, and all they say to you is, no worries the c99 shell is just part of Cpanel.

    Just run away as fast as you can.. ?

    c99 Shell details :
    Appendix B - c99.php utility | The Honeynet Project
    The c99 PHP utility provides functionality for listing files, brute-forcing FTP passwords, updating itself, executing shell commands and PHP code.

    It also provides for connecting to MySQL databases, and initiating a connect-back shell session. In many ways it can be considered the web equivalent of the rootkits that successful attackers often download. In other ways it is the malware equivalent of PHPShell itself.

    c99 is often one of the utility programs that is either downloaded if a web server is vulnerable due to being misconfigured, or can be used in a remote file include attack to try and execute shell commands on a vulnerable server. Figure 6 provides a screenshot of the c99 PHP shell running on a web server.
    For any webhosts reading this that don't know, c99 shell is NOT part of cpanel.

  2. Quote Originally Posted by Mike-XS View Post
    ... and all they say to you is, no worries the c99 shell is just part of Cpanel.
    Oh man... evolution is not working fast enough!
    Submit Your Webmaster Related Sites to the NB Directory
    I swear, by my life and my love of it, that I will never live for the sake of another man, nor ask another man to live for mine.

  3. #4
    Oh man... evolution is not working fast enough!
    It's crazy.
    Last edited by Mike-XS; 17 December, 2010 at 17:15 PM. Reason: TMI

  4. #5
    Quote Originally Posted by geeknb View Post
    popular shells that are use by scriptkiddies are c99 and r57.
    Yep and to protect yourself, disable some stuff in your php.ini and also install Mod Security with some rules and suPHP for extra protection.
    Webmaster Forums
    Host Mist | Shared | Reseller | VPS | Dedicated
    Arcade Master - Rule the arcade!

Similar Threads

  1. Replies: 9
    Last Post: 2 September, 2009, 14:52 PM
  2. [G2SEO] | Part-1: SEwhat?
    By Nic SEO in forum Promoting
    Replies: 0
    Last Post: 18 May, 2009, 21:17 PM
  3. Did You Take Part In 31DBB?
    By Farrhad A in forum Blogging
    Replies: 7
    Last Post: 10 May, 2009, 22:40 PM

Tags for this Thread


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts