pagoda
Posts: 205
Posts posted by pagoda
-
-
rack
-
troop
-
pants
-
Greetings,
(Whoops - this response has been sitting on my desktop while my train of thought was derailed (deranged?) for a while, so it looks like I am duplicating some previous remarks...)
Only posting this for posterity and people considering or already using this software.
Worse - there are/have been known exploits for people using PMachine by EllisLab (formerly named PMachine - this product was their flagship product), an online publishing program which used to have both a free and purchasable version but was discontinued formally by EllisLab and released into the public domain and is now developed by the user community. There have been a number of exploits associated with this software with the potential for root access having been the most egregious.
One of the more popular exploits allowed an attacker to execute commands with the same privilege level as the underlying web server (namely - the Apache process) - this is the attempt you were seeing in your log files. And as icing on the cake, there is an escalation of privilege that can occur in some instances allowing root access on a machine.
Pretty serious hole for people using PMachine Pro and PMachine Free. Worse yet, variants of this problem first appeared in 2003 (if memory serves me correctly). The issue became even more serious sometime in 2005 when the root escalation issue was reported. Affected versions were/are PMachine Pro/Free versions up to and including 2.4. It should be noted that (AFAIK) the current version is 2.4.1. A good amount of additional information on this exploit is found on the SANS website at (http://www.sans.org/newsletters/risk/display.php?v=4&i=8). SANS is likely the best place to check when you see mysterious log entries such as this one. I've taken several SANS courses (as a "white hat" of course); SANS is very likely one of the best resources for exploits as reported in near real time - of particular interest is the daily updated SANS Internet Storm Center at http://isc.sans.org.
Additional information in case others come across this software and/or the same log entries or similar problems:
When I see something like this (i.e. BS in my logfiles that shouldn't be there) and it is consistent and from either a single static IP, class C network or the like I'll just block the whole bloody lot of them. However, if one is running either a dedicated server or reseller account, then one needs to be vigilant but less likely to block IPs in case valid users might be trying to connect from that IP or block of IPs.
On personal machines I am rather ruthless with this kind of crap. 9 times out of 10 it is spammers trying to hawk either drug "services", pornography or other common scams. This can ultimately, if successfully exploited, cause your IP(s), entire machine or even TCH to be blocked by others. But, given the age of this exploit my guess is that you are probably looking at script kiddies trying to have some "fun" with spam at your expense (literally - since bandwidth costs you should they actually achieve their goal - I've been victim to this prior to moving to TCH in 2003).
If you are not running a dedicated server or a reseller account you can still block others' IPs, an IP range etc. using the IP Deny Manager in your cPanel.
Be Virtually Safe,
Pagoda
P.S. My favorite (and most cynical) observation is that when a company with a particular name based on their flagship product ends up having a root escalation issue, what do you do? Simple: you change your business name! LOL!!! (This is clearly a glib remark, but still - it did make me laugh! - I found myself wondering how many times Microsoft would have changed their name if they had this policy... are there that many words in the dictionary? Bwaaaa Haaaa!)
-
Greetings Siswati,
through either WHM or CPANEL, how do I restore the functionality to view hidden(DOT) files in file manager?
I am assuming (since you must have a reseller account given you know about WHM) that you have tried the following:
I.E. just close the current file manager window and then click the icon again to reopen the file manager.
Now, if you have instead turned it off for accounts on your server that is another story....
Hope this helps.
Cheers,
Patrick
-
Absolutely no offense taken! Good luck with your web site. As a web designer that's just sort of how my head works - my apologies for misunderstanding the situation.
Cheers,
Patrick
-
troop
-
bilk
-
peppermint
-
bow
-
sprat
-
sill
-
mates
-
Whoo hooo!
I've been wasting so much time trying to better my score - now I can leave this game alone and get back to real work...
1494.2m
Once I figured out that the location of the "moles" is apparently random (i.e. changes from turn to turn) it was clear that all one has to do is wait for the right alignment and try to get as much forward momentum as possible (using the tree as a point of reference).
Pagoda
-
sends
-
Oh yeah, I forgot a very important one... links from other websites INTO your website and OUT to other websites that are related to what you do are rated as a very good thing by most search engines. So it's a good idea to do this (in your case - similar ezines)
Cheers again,
Patrick
-
Greetings Mae,
This is my attempt to help out with your question. I am a web designer by trade so I deal with these issues very frequently.
TCH and other companies offer SEO (Search Engine Optimization) for your website (usually just the home page). This can also be completed through TCH's Domain Registration website via a product called "Traffic Blazer". I have used Traffic Blazer for many of my clients via a one year subscription submitting their websites to the search engines roughly every two months (to avoid being blacklisted) and have had very good luck with this.
You may also want to look up "SEO" and/or "Search Engine Optimization" on the web as both of these will help you out. Depending on your market (let's say you sell computers) then you may increase your standings in the search engines by a few pages. On the other hand if you are a bit more specific, and your business caters to a specific location too, then you can use that as useful information. An example might be if you sell cook ware in Somewhere, US and your customer base is mostly centralized around that physical location due to your having a bricks-n-mortar store there. In that case, you would use keywords for the SEO optimization as something like "cooking, cookin, cookware, cokeware, somewhere ST, My StoreName,..." etc. (yes - it is a good idea to put misspellings of common words in the "keywords" <meta... tag).
There are some pitfalls one must watch out for when doing SEO. In a nutshell, these are:
1) Do not do "keyword loading" - this means that you should tend to make lists of keywords in your <META...> tags that are 10-15 words - so choose these widely.
2) Some search engines (notably Google - but also several others) only allow submission of a website for SEO purposes every 2 months or so. Submitting your website too often will get you blacklisted and your website will not get spidered (spidering is when a search descends all of your pages to index them for their search engine - you can verify that this is taking place via the "Awstats" tool in your cPanel).
4) You can submit your website either manually to the big names (Google, Yahoo, Lycos, MSN, etc.) or else use Traffic Blazer (well worth the money) to help you get into several hundreds or even thousands of search engines or lists depending on your settings. Do make sure you read and follow the instructions.
5) Do NOT EVER put "hidden text" on your web page. This is called "keyword loading" and is when people put hundreds, maybe thousands of keywords in the same color as the background of their home page so the reader of said homepage can not see these words (unless they look at the source code) but search engines will read them. This WILL get you blacklisted. The smarter search engines now look for text that is the same color as the background and flag it negatively if such is found.
Some good things, tips and tricks:
1) Make sure that every graphic on your home page (you generally just submit one page to a SEO program like Traffic Blazer and the rest of the site is then spidered) has an ALT tag (i.e. <img src="../somewhere/img.gif" width="10" height="10" alt="cooking, cookware, pots, pans" />) - this is a great way to have even more keywords on your home page.
2) Make sure that your home page contains at least 500 words of main text. Search engines like numbers that are thereabouts.
3) Make sure you also include a <META ...> tag description
4) You can even make up a few <META ...> tags and this will help somewhat (for example, <META products="pots and pans, fine china, etc.">)
5) Make sure that the main text on the home page (those ~500 words) use the same keywords as are in your <IMG...> tags and your <META...> tags. In other words - make everything consistent.
6) Do submit your website every 2 months (roughly) but not sooner than that or you risk being blacklisted
I have TONS more on SEO if/when you get to a place where you would like more information.
Cheers,
Patrick
-
stern
-
bawl
-
truer
-
trust
-
boll
-
stuff
-
boil
Scrabble II
in Fun and Games
Posted
hoots