Posts by c0urier

    PMASA-2012-5


    Announcement-ID: PMASA-2012-5


    Date: 2012-09-25


    Summary


    One server from the SourceForge.net mirror system was distributing a phpMyAdmin kit containing a backdoor.


    Description


    One of the SourceForge.net mirrors, namely cdnetworks-kr-1, was being used to distribute a modified archive of phpMyAdmin, which includes a backdoor. This backdoor is located in file server_sync.php and allows an attacker to remotely execute PHP code. Another file, js/cross_framing_protection.js, has also been modified.


    Severity


    We consider this vulnerability to be critical.


    Affected Versions


    We currently know only about phpMyAdmin-3.5.2.2-all-languages.zip being affected; check if your download contains a file named server_sync.php.


    Solution


    Check your phpMyAdmin distribution and download it again from a trusted mirror if your copy contains a file named server_sync.php.


    References


    Thanks to Tencent Security Response Center for letting us know about this issue.


    More information


    For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.

    Be aware administrators:
    http://blog.unmaskparasites.co…e-module-injects-iframes/


    This fault is not caused by i-MSCP, but it's just a warning to check your systems for "possible" breaches.


    ****


    Edit: A few things you can do to prevent people from easily finding your Apache version: modify your security configuration for Apache.
    nano /etc/apache2/conf.d/security (or use vi)


    Change:
    ServerTokens Prod
    ServerSignature Off
    and
    TraceEnable Off


    and restart Apache: /etc/init.d/apache2 restart


    This will make it harder to find and exploit your installation if Debian/Ubuntu is affected by this.
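
A check for the three directives in the post above, as an added example that is not part of the original post: it reads one config file, takes the last uncommented value of each directive, and falls back to Apache's built-in default when a directive is unset. The function names and the sample config are constructed for illustration; the script assumes a single file and does not follow Include lines or handle per-vhost overrides.

```shell
#!/bin/sh
# Added example: audit one Apache config file for the three directives in the post.
# Scope (assumption): a single file, no Include following, no per-vhost handling.

# effective_value FILE DIRECTIVE
# Print the value of the last uncommented occurrence of DIRECTIVE.
# Directive names are case-insensitive; a later line overrides an earlier one.
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ { next }                  # comment line
        tolower($1) == want { val = $2 }     # keep the latest value seen
        END { print val }
    ' "$1"
}

lower() { printf '%s' "$1" | tr 'A-Z' 'a-z'; }

# audit_apache_banner FILE
# Returns 0 if all three settings match the post, 1 otherwise.
# Each entry is Directive:Wanted:ApacheDefault (default applies when unset).
audit_apache_banner() {
    rc=0
    for entry in ServerTokens:Prod:Full ServerSignature:Off:Off TraceEnable:Off:On; do
        name=${entry%%:*}; rest=${entry#*:}
        wanted=${rest%%:*}; default=${rest#*:}
        actual=$(effective_value "$1" "$name")
        [ -n "$actual" ] || actual="$default (default)"
        if [ "$(lower "${actual%% *}")" = "$(lower "$wanted")" ]; then
            echo "OK    $name $actual"
        else
            echo "WEAK  $name $actual, want $wanted"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: distribution-style values plus a later partial override.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ServerTokens OS
#ServerTokens Prod
ServerSignature On
TraceEnable Off
servertokens Prod
EOF
audit_apache_banner "$sample" || echo "=> settings above marked WEAK need changing"
rm -f "$sample"
```

On the constructed sample only ServerSignature is reported as WEAK, because the later lowercase servertokens line overrides the first one.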


    Ok, but ajaxplorer is better :) in my eyes. :)


    Oh we totally agree Torsten, it was just to inform people about it. I was sure the project was completely dead, but obviously not.

    Hi,


    Don't know how many of you have noticed, but the development of net2ftp seems to have started again in the beginning of August. You can test the new beta version of 1.0 on net2ftp.com or download and test it yourself =).


    http://www.net2ftp.com/

    Just a little heads-up for those of you running into trouble when wanting to debug issues in apache2 on Debian squeeze.
    Firstly, apache2 on Debian squeeze is compiled with PIE support, which means the core dumps cannot be read by the ordinary gdb package on Debian since it's only version 7, and PIE first came after 7.1.
    A solution to this is to use the squeeze backport:
    http://packages.debian.org/squ…kports/amd64/gdb/download
    It will give you access to gdb 7.3 with PIE support.


    I needed this because my apache error log certainly started to get spammed with:
    [notice] child pid 19378 exit signal Segmentation fault (11)


    It spammed these messages every 5 minutes and nothing was logged in syslog/dmesg. I even checked for hardware faults but found nothing. This message led to apache2 no longer sending answers to users entering our clients' webpages, giving them a "503" error or "No data received".


    Install some missing packages:
    apt-get install apache2-dbg libapr1-dbg libaprutil1-dbg


    Enable debug in apache2:
    nano /etc/apache2/apache2.conf
    Add: CoreDumpDirectory /tmp


    wget http://backports.debian.org/de…b_7.3-1~bpo60+1_amd64.deb


    dpkg -i gdb_7.3-1~bpo60+1_amd64.deb


    /etc/init.d/apache2 restart


    Your dump file "core" should start to grow when the error in apache's error log arrives.


    Check the file: gdb apache2 /tmp/core


    In my case it was a module needed by mod_spdy that certainly started to act up, in this case: mod_ssl_with_npn.so
    I changed /etc/apache2/mods-enabled/ssl.load (using nano) to use mod_ssl.so instead of mod_ssl_with_npn.so and it solved my seg faults.


    Hope this helps others in debugging issues with apache on squeeze.

    I think he wants a panel like WHMCS, AWBW, Hostbill, when he asks to set it as Startsite ;)


    He doesn't ask how to set it as default page, he asks how to not have the i-MSCP login page as default page when visiting his site imposinghosting.co.cc.


    And this is set during installation or you can edit imscp.conf and imscp.old.conf and set BASE_SERVER_VHOST = panel.DOMAIN.TLD as an example. And rerun the setup.

    I've been running the 8.0-beta and 8.0-RC for quite some time, and I have to say it's a trendy look. I like it, but it's a taste question, since some clients have been quite dissatisfied with the new look and others haven't. Luckily for me the majority likes it =).