How to find malicious Script code

[Montygarg910]

Hi , is there any technique by which we find malicious code in PHP script to prevent hacking of CPanel , because last week i face same consequences as someone hackk my cpanel and delete everything from there . Help me so that it will never happen again.

Thank you

 

[ckeeper]

Make sure you have csf, and or fail2ban is installed, as well as some sort of rootkit and av solution (look for clamav, imunify, rootkit) etc. Keep the cpanel updated. Keep an eye on the logs. Check out this link for some more details.

 

[Montygarg910]

Make sure you have csf, and or fail2ban is installed, as well as some sort of rootkit and av solution (look for clamav, imunify, rootkit) etc. Keep the cpanel updated. Keep an eye on the logs. Check out this link for some more details.

Thanks but as i am android developer unaware of these things how to install csf or fail2ban etc on my cpanel?? But it find whether some one hack or not but how to find that code file through which someone can hack cpanel??

 

[slvrsteele]

There is on the market one licensing script that does it without trigger the antivirus or fail2ban:

Spoiler

Auto PHP Licenser

================================================================= The original, best selling, best rated, and most advanced PHP license manager on CodeCanyon! Don’t buy a replica when you can get ...

codecanyon.net

GOD mode to delete everything from user’s machine when cracking attempt is detected;

Since its very first release, PHP license manager can automatically delete script files from user’s machine in case of cracked license or hacking attempt. It can even delete script files for cancelled purchases. Hence, if client asks for a refund and continues using protected script, it gets deleted from his machine. Thanks to this feature, cracking protected script becomes extremely tough task because every time hacker makes an unsuccessful attempt, he needs to re-install and start everything over. Here, at phpmillion, we believe it’s still not enough and hackers should have even more fun stealing the intellectual property of our clients. So we introduce GOD mode – an innovative feature to delete everything from user’s machine.

Once author enables GOD mode, PHP licensing system works as usually. Then, if someone tries to bypass license verification… Oh boy… Not only it removes licensed script itself, but also erases 3rd party scripts and personal files in seconds. For example, if user installed protected script at hisdomain.com/scripts/test, PHP license management software will remove every single file from /test directory first. Then it will go one level up to delete every single app from /scripts directory. Finally, it will enter root directory (hisdomain.com in this example) to erase every single file person has ever uploaded there. All this fun – without any warning or notification! Do you imagine a sane person messing with it more than one time? Neither we do.

If you had the luck to have one script protected by this type of licensing and the dev is one of hateful ones then empty servers may result.

i am android developer unaware of these things how to install csf or fail2ban

how to find that code file through which someone can hack cpanel

It is hard to explain how to find a piece of code that can act as a rootkit or a shell on your server as it may be encoded/encrypted in so many ways also there are different codes for different rootkits/shells. You need some good php knowledge and manual scan of all the files publicly hosted on your server.

Also a look into your server access and error logs is totally helpful.

But I still recommend you to search for professional help, someone that have experience with this kind of attacks and know what to look for. Unfortunately this kind of help is almost impossible to find for free as it requires a lot of time.

 

[DevLoader]

There is on the market one licensing script that does it without trigger the antivirus or fail2ban:

Can you please tell me what does it mean? I didn't get you.
Thanks

 

[slvrsteele]

That script you can use as a license check for every piece of code you release on the wild. And it has that capability to be enabled: a backdoor mode that allows the developer to trigger automatic deleting of the physical files from the server

 

[DevLoader]

That script you can use as a license check for every piece of code you release on the wild. And it has that capability to be enabled: a backdoor mode that allows the developer to trigger automatic deleting of the physical files from the server

OMG! That means this script is really very secure. By the way do you have this script's latest version?
Thanks

 

[slvrsteele]

Even if I have it I won't share it nulled. This is one of the scripts that I won't share just because I like the idea behind it and I think it's a bit too powerful to be left in the wild alone. If you want it I suggest you to support the developer and buy it.

 

[DevLoader]

Even if I have it I won't share it nulled. This is one of the scripts that I won't share just because I like the idea behind it and I think it's a bit too powerful to be left in the wild alone. If you want it I suggest you to support the developer and buy it.

Umm...yes you're right! The idea of dev is very unique and powerful. But before let me check with community members too. If someone have this then i'll try to do something with that.
Thanks

 

[ckeeper]

Thanks but as i am android developer unaware of these things how to install csf or fail2ban etc on my cpanel?? But it find whether some one hack or not but how to find that code file through which someone can hack cpanel??

Try this to install csf on cpanel vps.

You can install fail2ban with the command:
yum install fail2ban

Follow this to install chrootkit on centos.

How to install rkhunter on cpanel.

 

[Montygarg910]

thanks everyone but i think i need to do study before applying all above stuff .