my $processo = '[V8-Final]'; # Fake process name for the bot # if (`ps uxw` =~ /v8-Final/) # (CHANGE IT!!!) # { # # exit; # # }
$ uptime 19:28:06 up 12 days, 20:46, 2 users, load average: 213.96, 212.37, 208.44
$ uptime 19:28:06 up 12 days, 20:46, 2 users, load average: 213.96, 212.37, 208.44
safe_mode = Off disable_functions = register_globals = OnLes scripts php ayant les droits de l'utilisateur (apache) et (apache) ayant alors le droit de lancer :
safe_mode = On disable_functions = exec,highlight_file,passthru,popen,proc_open,shell_exec,show_source,system register_globals = On #(parce que j'en ai besoin)
/dev/hdc6 /path-de-mon-site ext3 nodev,noexec,defaults 1 2
A virus was found: HTML.Phishing.Bank-164 The mail originated from: <?@server42.easycgidomains.com> According to the 'Received:' trace, the message originated at: [66.199.249.114] nobody Notification to sender will not be mailed. The message WAS NOT delivered to: <tatata@domain.net>:
Return-Path: <nobody@server42.easycgidomains.com> Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.188]) by smtp.system-linux.net (Postfix) with ESMTP id 65D511B8DBF for <tatata@domain.net>; Sun, 4 Feb 2007 05:58:39 +0100 (CET) Received-SPF: none (mxeu1: 212.27.35.141 is neither permitted nor denied by domain of server42.easycgidomains.com) client-ip=212.27.35.141; envelope-from=nobody@server42.easycgidomains.com; helo=smtpout1.online.net; Received: from [212.27.35.141] (helo=smtpout1.online.net) by mx.kundenserver.de (node=mxeu1) with ESMTP (Nemesis), id 0MKpV6-1HDZMy1wTs-0004L0 for lbdo@lyonbd.org; Sun, 04 Feb 2007 05:52:55 +0100 Received: from mx2.online.net (mx2.online.net [212.27.35.132]) by smtpout1.online.net (Postfix) with SMTP id 29FF2949064 for <lbdo@lyonbd.org>; Sun, 4 Feb 2007 05:52:52 +0100 (CET) Received: (qmail 24639 invoked by uid 621128); 4 Feb 2007 04:52:52 -0000 Delivered-To: lyonbd.com-lbdo@lyonbd.com Received: (qmail 24635 invoked by alias); 4 Feb 2007 04:52:52 -0000 Delivered-To: lyonbd.com-webmaster@lyonbd.com Received: (qmail 24632 invoked from network); 4 Feb 2007 04:52:52 -0000 Received: from 66.199.249.114 (HELO server42.easycgidomains.com) (66.199.249.114) by mx2.online.net with SMTP; 4 Feb 2007 04:52:52 -0000 Received: from nobody by server42.easycgidomains.com with local (Exim 4.63) (envelope-from <nobody@server42.easycgidomains.com>) id 1HDZMl-0005Yi-NL for webmaster@lyonbd.com; Sat, 03 Feb 2007 23:52:40 -0500 To: webmaster@lyonbd.com Subject: Security Measures From: Paypal <administracion@paypal.com> Reply-To: MIME-Version: 1.0 Message-Id:<1130384585.13653@paypal.com> Content-Type: text/html Content-Transfer-Encoding: 8bit Date: Sat, 03 Feb 2007 23:52:39 -0500 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - server42.easycgidomains.com X-AntiAbuse: Original Domain - lyonbd.com X-AntiAbuse: Originator/Caller UID/GID - [99 32002] / [47 12] X-AntiAbuse: Sender Address Domain - server42.easycgidomains.com X-Source: X-Source-Args: /usr/local/apache/bin/httpd -DSSL X-Source-Dir: masterwebportal.com:/public_html/data X-ProXaD-VC: Virus Found -------------------------- END HEADERS ------------------------------