Results 1 to 5 of 5

Thread: c99 shell is NOT part of cpanel

  1. #1
    Mike-XS's Avatar
    Mike-XS is offline XeroAgent
    Join Date
    Sep 2009
    Location
    OZ
    Posts
    209
    Thanks
    30
    Thanked 109 Times in 71 Posts

    c99 shell is NOT part of cpanel

    Funniest and scariest thing I've seen this week..

    What can you do when you try to warn a webhost that their server has been hacked, and that the server has been compromised with a c99 shell script.

    On top of that the hacked server is linked to active phishing sites you can plainly see in google results, and all they say to you is, no worries the c99 shell is just part of Cpanel.

    Just run away as fast as you can.. ?

    c99 Shell details :
    Appendix B - c99.php utility | The Honeynet Project
    The c99 PHP utility provides functionality for listing files, brute-forcing FTP passwords, updating itself, executing shell commands and PHP code.

    It also provides for connecting to MySQL databases, and initiating a connect-back shell session. In many ways it can be considered the web equivalent of the rootkits that successful attackers often download. In other ways it is the malware equivalent of PHPShell itself.

    c99 is often one of the utility programs that is either downloaded if a web server is vulnerable due to being misconfigured, or can be used in a remote file include attack to try and execute shell commands on a vulnerable server. Figure 6 provides a screenshot of the c99 PHP shell running on a web server.
    For any webhosts reading this that don't know, c99 shell is NOT part of cpanel.

  2. Thanked by:

    Shenron (11 December, 2010)

  3. #2
    Will.Spencer's Avatar
    Will.Spencer is offline Retired
    Join Date
    Dec 2008
    Posts
    5,033
    Blog Entries
    1
    Thanks
    1,010
    Thanked 2,327 Times in 1,258 Posts
    Quote Originally Posted by Mike-XS View Post
    ... and all they say to you is, no worries the c99 shell is just part of Cpanel.
    Oh man... evolution is not working fast enough!
    Submit Your Webmaster Related Sites to the NB Directory
    I swear, by my life and my love of it, that I will never live for the sake of another man, nor ask another man to live for mine.

  4. #3
    Join Date
    Jan 2009
    Posts
    351
    Thanks
    7
    Thanked 18 Times in 18 Posts

  5. #4
    Mike-XS's Avatar
    Mike-XS is offline XeroAgent
    Join Date
    Sep 2009
    Location
    OZ
    Posts
    209
    Thanks
    30
    Thanked 109 Times in 71 Posts
    Oh man... evolution is not working fast enough!
    It's crazy.
    Last edited by Mike-XS; 17 December, 2010 at 16:15 PM. Reason: TMI

  6. #5
    Coastercraze's Avatar
    Coastercraze is offline Net Builder Legend
    Join Date
    Jan 2009
    Location
    Under powerlines
    Posts
    499
    Blog Entries
    3
    Thanks
    94
    Thanked 59 Times in 48 Posts
    Quote Originally Posted by geeknb View Post
    popular shells that are use by scriptkiddies are c99 and r57.
    Yep and to protect yourself, disable some stuff in your php.ini and also install Mod Security with some rules and suPHP for extra protection.
    Webmaster Forums
    Host Mist | Shared | Reseller | VPS | Dedicated
    Arcade Master - Rule the arcade!

Similar Threads

  1. Replies: 9
    Last Post: 2 September, 2009, 14:52 PM
  2. [G2SEO] | Part-1: SEwhat?
    By Nic SEO in forum Promoting
    Replies: 0
    Last Post: 18 May, 2009, 21:17 PM
  3. Did You Take Part In 31DBB?
    By Farrhad A in forum Blogging
    Replies: 7
    Last Post: 10 May, 2009, 22:40 PM

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •