Found a scanfile by a hacked user that scans user configs with suPHP etc. on

It makes no sense here :S

All I do for suPHP mode is:

./build php n
./build suphp
./build secure_php

Nothing special or so :o
 
I'm not sure if there is any authentic and actual script to change permissions on home dirs, but you might want to try to do it manually.
 
Do you have secure_access_group=access in your directadmin.conf?

Have you run

Code:
echo "action=rewrite&value=secure_access_group" >> /usr/local/directadmin/data/task.queue
/usr/local/directadmin/dataskq d200

to check if everything goes fine?

Can you post the output of

Code:
ls -l /home/

to check the users' permissions?

Regards
 
Hmz, nothing happened

Code:
[root@d100 ~]# echo "action=rewrite&value=secure_access_group" >> /usr/local/directadmin/data/task.queue
[root@d100 ~]# /usr/local/directadmin/dataskq d200
Debug mode. Level 200

pidfile written
staring queue
done queue
[root@d100 ~]# ls -l /home/
total 368
drwx--x--x  5 adhdcafe   adhdcafe   4096 Nov 17  2009 adhdcafe
drwx--x--x  5 advicobv   advicobv   4096 Jul 28  2010 advicobv
drwx--x--x  5 algemeen   algemeen   4096 Jul 31 21:42 algemeen
drwx--x--x  5 allfind    allfind    4096 Dec 21  2010 allfind
drwx--x--x  5 alure      alure      4096 Apr  8 20:36 alure
drwx--x--x  5 anorakian  anorakian  4096 Aug 11  2010 anorakian
drwx--x--x  5 artedemich artedemich 4096 Oct 23  2009 artedemich
drwx--x--x  4 audenaert  audenaert  4096 Jul  5  2010 audenaert
drwx--x--x  5 autobedrij autobedrij 4096 Feb 12  2010 autobedrij
drwx--x--x  6 bertniesin bertniesin 4096 Jun 23 13:09 bertniesin
drwx--x--x  5 bmweb      bmweb      4096 Oct 22  2010 bmweb
drwx--x--x  9 creatiefar creatiefar 4096 Aug  7 00:15 creatiefar
drwx--x--x  5 cyntique   cyntique   4096 Feb 15  2010 cyntique
drwx--x--x  4 dejagerrvs dejagerrvs 4096 Feb  1  2011 dejagerrvs
drwx--x--x  4 dga        dga        4096 Nov  2  2009 dga
drwx--x--x  6 dhouteva   dhouteva   4096 Oct 29  2009 dhouteva
drwx--x--x  5 dimargo    dimargo    4096 Jun  9  2010 dimargo
drwx--x--x  7 dirkh      dirkh      4096 May 22 21:01 dirkh
drwx--x--x  5 eeadmin    eeadmin    4096 Oct 22  2009 eeadmin
drwx--x--x  4 eendje     eendje     4096 Oct 19  2009 eendje
drwx--x--x  5 exulttv    exulttv    4096 Apr 22 14:55 exulttv
drwx--x--x  6 fapperd    fapperd    4096 Jan  8  2010 fapperd
drwxr-xr-x  2 root       root       4096 Nov 11  2007 ftp
drwx--x--x  5 gerrits    gerrits    4096 Nov  7  2009 gerrits
drwx--x--x  5 helpdesk   helpdesk   4096 Jun 28  2009 helpdesk
drwx--x--x  4 hierist    hierist    4096 May 26 10:26 hierist
drwx--x--x  5 hikoshop   hikoshop   4096 Jul  2 16:44 hikoshop
drwx--x--x  6 huma       huma       4096 Jul 27 11:48 huma
drwx--x--x  6 ijsbrand   ijsbrand   4096 Nov  3  2009 ijsbrand
drwx--x--x  5 ivar37     ivar37     4096 Oct 24  2010 ivar37
drwx--x--x  5 jacorav    jacorav    4096 Oct 22  2009 jacorav
drwx--x--x  5 jbeernink  jbeernink  4096 Oct 30  2009 jbeernink
drwx--x--x 11 jbijker    jbijker    4096 Apr  5 10:33 jbijker
drwx--x--x  5 jeanclaud  jeanclaud  4096 Jul 30 00:58 jeanclaud
drwx--x--x  5 johniebig  johniebig  4096 Dec 14  2010 johniebig
drwx--x--x  6 johnmph    johnmph    4096 Mar 22  2010 johnmph
drwx--x--x  4 jolmarhen  jolmarhen  4096 Oct 20  2009 jolmarhen
drwx--x--x  5 jtdsignn   jtdsignn   4096 Dec  3  2010 jtdsignn
drwx--x--x  4 kardias    kardias    4096 Nov  9  2010 kardias
drwx--x--x  5 keppekeut  keppekeut  4096 Oct  7  2010 keppekeut
drwx--x--x  5 koen       koen       4096 Jun  9  2010 koen
drwx--x--x  4 kufra2     kufra2     4096 Oct 26  2009 kufra2
drwx--x--x  6 kukelcan   kukelcan   4096 Mar 28 20:18 kukelcan
drwx--x--x  5 lsie       lsie       4096 Oct 25  2009 lsie
drwx--x--x  4 manas      manas      4096 Sep 27  2010 manas
drwx--x--x  4 manas2     manas2     4096 Jun 25 13:57 manas2
drwx--x--x  6 mauricia   mauricia   4096 Oct 19  2010 mauricia
drwx--x--x  4 mbodt      mbodt      4096 May 18 21:25 mbodt
drwx--x--x  7 newgenera  newgenera  4096 Aug  1 04:23 newgenera
drwx--x--x  6 nicocompu  nicocompu  4096 Nov  4  2010 nicocompu
drwx--x--x  5 nlavchd    nlavchd    4096 Nov 24  2010 nlavchd
drwx--x--x  8 pa3ger     pa3ger     4096 Aug  5  2010 pa3ger
drwx--x--x  5 pdewachter pdewachter 4096 Dec 21  2010 pdewachter
drwx--x--x  4 peterjbos  peterjbos  4096 Oct 20  2009 peterjbos
drwx--x--x  6 phubeau    phubeau    4096 Oct 27  2010 phubeau
drwx--x--x 10 pi4utr     pi4utr     4096 May 18 00:01 pi4utr
drwx--x--x  5 pronoot    pronoot    4096 Oct 17  2010 pronoot
drwx--x--x  5 publicent  publicent  4096 Feb 19 15:02 publicent
drwx--x--x  6 radiovolle radiovolle 4096 Jul 31 11:08 radiovolle
drwx--x--x  4 rcdevisser rcdevisser 4096 Mar 21 09:49 rcdevisser
drwx--x--x  5 robleeuw   robleeuw   4096 Oct 20  2009 robleeuw
drwx--x--x  4 romijn     romijn     4096 May  2 11:09 romijn
drwx--x--x  5 schoemans  schoemans  4096 Mar 15  2010 schoemans
drwx--x--x  5 sensation  sensation  4096 Aug 16  2010 sensation
drwx--x--x  5 shaertjens shaertjens 4096 Nov 11  2009 shaertjens
drwx--x--x  4 slimmie89  slimmie89  4096 Oct 22  2009 slimmie89
drwx--x--x  4 smartart   smartart   4096 Oct 21  2010 smartart
drwx--x--x  5 stalenros  stalenros  4096 Dec 30  2009 stalenros
drwx--x--x  4 stephaniev stephaniev 4096 Oct 21  2009 stephaniev
drwx--x--x  4 sweetmilo2 sweetmilo2 4096 Oct 21  2009 sweetmilo2
drwx--x--x  4 taafsors   taafsors   4096 Oct 24  2009 taafsors
drwxrwxrwt  2 root       root       4096 Aug 11 05:23 tmp
drwx--x--x  4 tractor    tractor    4096 Oct 26  2009 tractor
drwx--x--x  4 treehouse  treehouse  4096 Nov 13  2010 treehouse
drwx--x--x  5 urbanity   urbanity   4096 Oct 27  2009 urbanity
drwx--x--x  7 vanpijker  vanpijker  4096 May  4 19:07 vanpijker
drwx--x--x  5 vhadmin    vhadmin    4096 Aug  2  2010 vhadmin
drwx--x--x  6 vlissinge  vlissinge  4096 Jul  2 22:15 vlissinge
drwx--x--x  4 wheelied   wheelied   4096 Oct 28  2009 wheelied
drwx--x--x  6 wienjo     wienjo     4096 Jan 13  2010 wienjo
drwx--x--x  4 wijdeblik  wijdeblik  4096 Oct 19  2009 wijdeblik
drwx--x--x  5 wouterv    wouterv    4096 Oct 29  2010 wouterv
drwx--x--x  5 xftx       xftx       4096 Jan  2  2011 xftx

joe /usr/local/directadmin/conf/directadmin.conf

Code:
SSL=0
addip=/usr/local/directadmin/scripts/addip
admin_helper=admin.site-helper.com
admindir=./data/admin
apache_public_html=0
apache_ver=2.0
apachecert=/etc/httpd/conf/ssl.crt/server.crt
apacheconf=/etc/httpd/conf/extra/directadmin-vhosts.conf
apacheips=/etc/httpd/conf/ips.conf
apachekey=/etc/httpd/conf/ssl.key/server.key
apachelogdir=/var/log/httpd/domains
apachemimetypes=/etc/mime.types
brute_force_log_scanner=0
brute_force_time_limit=120
brutecount=100
bruteforce=0
cacert=/usr/local/directadmin/conf/cacert.pem
cakey=/usr/local/directadmin/conf/cakey.pem
check_partitions=2
check_subdomain_owner=0
clear_blacklist_ip_time=0
clear_brute_log_entry_time=7
clear_brute_log_time=24
cluster=1
demodocsroot=./data/skins/enhanced
docsroot=./data/skins/enhanced
dovecot=1
emailspoolvirtual=/var/spool/virtual
emailvirtual=/etc/virtual
enforce_difficult_passwords=0
ethernet_dev=eth0
exempt_local_block=0
frontpage_on=0
ftpconfig=/etc/proftpd.conf
ftppasswd=/etc/proftpd.passwd
ftpvhosts=/etc/proftpd.vhosts.conf
ip_brutecount=20
license=/usr/local/directadmin/conf/license.key
log_rotate_size=5
logdir=/var/log/directadmin
logger=/usr/local/directadmin/logger
loghostname=0
login_history=10
logs_to_keep=5
lost_password=1
max_username_length=10
maxfilesize=10485760
mysqlconf=/usr/local/directadmin/conf/mysql.conf
namedconfig=/etc/named.conf
nameddir=/var/named
ns1=ns1.domain.net
ns2=ns2.domain.net
numservers=5
owsadm=/usr/local/frontpage/version5.0/bin/owsadm.exe
partition_usage_threshold=95
port=2222
purge_spam_days=0
quota_partition=/
removeip=/usr/local/directadmin/scripts/removeip
reseller_helper=reseller.site-helper.com
servername=d100
serverpath=/usr/local/directadmin
session_minutes=60
skinsdir=./data/skins
sshdconfig=/etc/ssh/sshd_config
taskqueue=/usr/local/directadmin/data/task.queue
templates=/usr/local/directadmin/data/templates
ticketsdir=/usr/local/directadmin/data/tickets
timeout=60
tmpdir=../../../home/tmp
user_brutecount=40
user_helper=www.site-helper.com
userdata=./data/users
secure_access_group=access
 
It would be nice to know if zeiter enabling open_basedir has the same vulnerability...

But you should have all directories in username:access format in /home/ except tmp and ftp.

Try to chown one of the users you can find with that script and check if it is still readable afterwards.

Regards
 
I see the group is not created, strange

Code:
chown alure:access alure
chown: `alure:access': invalid group
 
Just as a followup, to confirm it's set correctly in the directadmin.conf, type:
Code:
cd /usr/local/directadmin
./directadmin c | grep secure_access_group
If it shows a value of (null), then it's not correctly set.
The most common reason is a missing newline character at the end of the file.
Edit the directadmin.conf, go to the very bottom, and press enter to add a blank line at the bottom. This sets the newline at the end of the line. Any config file that does not end with a \n will not be seen by DA.

John
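Two defender-side checks for the symptoms in this thread, as an added shell example that is not from the thread or from DirectAdmin: one verifies that directadmin.conf ends with a newline and actually carries a secure_access_group value (the "(null)" case John describes), the other walks a home directory and reports every user directory whose group is not the access group (the username:access layout expected above), skipping tmp and ftp. The function names, the constructed demo tree and the sample config contents are assumptions; on a live server pass /usr/local/directadmin/conf/directadmin.conf and /home.

```shell
#!/bin/sh
# Added example, not from the thread or DirectAdmin. POSIX sh only, so it
# also runs on older hosts; ls -ld is used instead of GNU-only stat -c.

# Succeeds (and prints the value) only if $1 ends with a newline AND contains
# secure_access_group=<value>. A config whose last line lacks the trailing \n
# is the "(null)" case: DA does not see that last line.
check_secure_access_group() {
    conf="$1"
    [ -f "$conf" ] || { echo "missing: $conf" >&2; return 1; }
    # last byte as octal; 012 is \n; an empty file yields an empty string
    last=$(tail -c 1 "$conf" | od -A n -t o1 | tr -d ' \n')
    if [ "$last" != "012" ]; then
        echo "$conf does not end with a newline; its last line is ignored by DA" >&2
        return 1
    fi
    value=$(grep '^secure_access_group=' "$conf" | tail -n 1 | cut -d= -f2-)
    if [ -z "$value" ]; then
        echo "secure_access_group is not set in $conf" >&2
        return 1
    fi
    printf '%s\n' "$value"
}

# Lists every directory directly under $1 whose group is not $2, ignoring the
# names given as further arguments (tmp and ftp in the thread).
# Returns 1 if any directory has the wrong group, 0 if all are fine.
audit_home_groups() {
    home="$1"; want="$2"; shift 2
    bad=0
    for d in "$home"/*/; do
        d=${d%/}
        name=${d##*/}
        for skip in "$@"; do
            [ "$name" = "$skip" ] && continue 2
        done
        # 4th field of ls -ld is the group name
        have=$(ls -ld "$d" | awk '{print $4}')
        if [ "$have" != "$want" ]; then
            printf '%s: group %s, expected %s\n' "$d" "$have" "$want"
            bad=1
        fi
    done
    return "$bad"
}

# Demo on a constructed temp tree (assumption: no real DirectAdmin present).
demo() {
    t=$(mktemp -d)
    printf 'port=2222\nsecure_access_group=access\n' > "$t/good.conf"
    printf 'port=2222\nsecure_access_group=access'   > "$t/bad.conf"   # no trailing \n
    check_secure_access_group "$t/good.conf"
    check_secure_access_group "$t/bad.conf" || echo "bad.conf rejected, as expected"
    mkdir -p "$t/home/alice" "$t/home/bob" "$t/home/tmp"
    audit_home_groups "$t/home" access tmp ftp || echo "some home dirs are not in group access"
    rm -rf "$t"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Run it as `sh check_da.sh demo` to see it on the constructed tree; on the server, source it and call `check_secure_access_group /usr/local/directadmin/conf/directadmin.conf` and `audit_home_groups /home access tmp ftp`. The newline check reads only the last byte, so it is cheap to put in a cron job next to the group audit.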
 