Quote:
Originally Posted by Dzelil
well as it seems the file that gets cpane logins scans all directorys on a server that are open n read files such as config.php,conf_global.php etc for the user login and password for mysql ( or what ever you use) and then try it on the directorys ftp and will give the hackers the results as to how many he can acceess on the server within seconds.. no ++++ing around very simple job...
but how did they get the file on your server in the 1st placE?. maybe a another vuln in vb again?
|
If there's another vulnerability on vB [which I don't believe] we will just have the denial as from my hosting service [which I really believe] ... to be accurate I don't know but I uninstall 3 scripts...
I was blaming my Auction site, but another user in this thread mentioned to be victim of the same attack and that his/her server only host vB...
So we are alone on this till someone more kind/prepared re-structure the rules of engagement...