How can an attacker change data in the ISPManager from the outside?
Good afternoon, the problem is as follows:
Somehow, yesterday, attackers gained access to the ISPManager control panel.
As a result, the entry /var/tmp/NTEbHhe >/dev/null 2>&1 appeared in the cron scheduler, executed every 15 minutes, and all entries in "Access restriction" were removed.
The paradox is as follows: I added the access restriction entries on 16.04.15; we looked at the hosting logs, but there are no records of deleting entries or adding cron tasks in the logs, i.e. logically, the changes were not made from the ISP. How is this possible?
And yet, what could the added entry in cron mean? The tmp/NTEbHhe directories are outside my account and I am not root.
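
An added example, not part of the original post: a small crontab audit that flags jobs of the kind described above, where a file is executed from a world-writable directory and its output is discarded. The sample crontab is constructed; only the `/var/tmp/NTEbHhe` command is taken from the post, and the function names are this example's own.

```python
import re

# Directories any local user can write to; a cron job that executes a file
# from one of them deserves a look.
WORLD_WRITABLE = ("/tmp/", "/var/tmp/", "/dev/shm/")
REDIRECT = re.compile(r"\d*>>?\s*&?\S+")   # >file, 2>&1, >> file
ENV_LINE = re.compile(r"^[A-Za-z_]\w*\s*=")

# Constructed sample crontab. Only the /var/tmp/NTEbHhe command comes from
# the post; the schedules and the other lines are made up.
SAMPLE = """\
MAILTO=admin@example.org
# nightly backup
30 2 * * * /usr/local/bin/backup.sh > /tmp/backup.log 2>&1
*/15 * * * * /var/tmp/NTEbHhe >/dev/null 2>&1
@reboot sh /dev/shm/.x
"""

def parse_job(line):
    """Return (schedule, command), or None for non-job lines."""
    line = line.strip()
    if not line or line.startswith("#") or ENV_LINE.match(line):
        return None
    fields = 1 if line.startswith("@") else 5
    parts = line.split(None, fields)
    if len(parts) <= fields:
        return None
    return " ".join(parts[:fields]), parts[fields]

def audit(crontab_text):
    """Return (line_no, schedule, command, silenced) for suspicious jobs."""
    findings = []
    for line_no, raw in enumerate(crontab_text.splitlines(), 1):
        job = parse_job(raw)
        if job is None:
            continue
        schedule, command = job
        # Ignore redirect targets so "> /tmp/x.log" alone is not flagged.
        bare = REDIRECT.sub(" ", command)
        tokens = [t.strip("'\"") for t in bare.split()]
        if any(t.startswith(WORLD_WRITABLE) for t in tokens):
            silenced = "/dev/null" in command
            findings.append((line_no, schedule, command, silenced))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

To check a real account, pass the output of `crontab -l` to `audit()` instead of `SAMPLE`.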