netdynamix
Verified User
Hi,
I have recently had problems on my server with a perl script being downloaded to the server and executed, which turned out to be a DDoS script.
I traced the root of the problem to a buggy installation of Zen Cart and patched it for the client and everything was ok.
This morning at about 1am though I got an SMS to notify me that my FTP server, but rather waited for the DirectAdmin email to state the same. And voilà... it arrived.
I decided to leave it until this morning so that I could properly dedicate some time to the issue. My first port of call was to try and execute the start of ProFTP from DA Admin Level, only to receive this:
------------
Cannot find the script
Details
/etc/init.d/proftpd
------------
So, I logged into the machine and tried to start it with service proftpd start only to get a service unrecognized.
Anyhow, I decided to check logs next and found in /var/log/messages that proftpd was complaining that /etc/proftpd.conf didn't exist, which was true.
I then did a custombuild update of proftpd and forced re-install of the service and still all of the above was happening.
I then tried to execute proftp from the binary in shell and it told me this:
- Fatal: Group: Unknown group 'nogroup' on line 30 of '/etc/proftpd.conf'
Additional Information:
Server Running: CentOS 5 32bit
Don't know what else you want to know?
Now, this is certainly strange, is it not?
I haven't removed any of the above scripts nor have I uninstalled proftp as far as I can remember? AND... it was functioning perfectly until this morning at 1am.
What to do?
I have re-secured my server after the latest exploit and everything is fine since then!