how to block this file

Posted: 30 Oct 2017, 23:28
by steps4h
Hello
I found a file; it has this code:


#!/bin/sh
#
# This file is part of the phpseclib project.
#
# (c) Andreas Fischer <bantu@phpbb.com>
#
# For the full copyright and license information, please view the LICENSE
# file that was distributed with this source code.
#
set -e
set -x

USERNAME='phpseclib'
PASSWORD='EePoov8po1aethu2kied1ne0'

# Create phpseclib user and home directory
sudo useradd --create-home --base-dir /home "$USERNAME"

# Set phpseclib user password
echo "$USERNAME:$PASSWORD" | sudo chpasswd

# Create a 1024 bit RSA SSH key pair without passphrase for the travis user
ssh-keygen -t rsa -b 1024 -f "$HOME/.ssh/id_rsa" -q -N ""

# Add the generated private key to SSH agent of travis user
ssh-add "$HOME/.ssh/id_rsa"

# Allow the private key of the travis user to log in as phpseclib user
sudo mkdir -p "/home/$USERNAME/.ssh/"
sudo cp "$HOME/.ssh/id_rsa.pub" "/home/$USERNAME/.ssh/authorized_keys"
sudo chown "$USERNAME:$USERNAME" "/home/$USERNAME/.ssh/" -R


How can I block it?
It was uploaded successfully by someone.

I hope that you can block it with your next update for cxs.

Re: how to block this file

Posted: 31 Oct 2017, 09:05
by Sarah
See this article for information on how to submit a file to us and also how to configure your cxs to detect and quarantine it:

https://support.configserver.com/en/kno ... -detect-it

Regards
Sarah

Re: how to block this file

Posted: 31 Oct 2017, 09:56
by steps4h
I have this file:

cxs.xtra.example

Shall I work on it?

And can you please tell me what line I should block and what I should put in cxs.xtra.example?

This is what I found on my server:
==========================================

USERNAME='phpseclib'
PASSWORD='EePoov8po1aethu2kied1ne0'

# Create phpseclib user and home directory
sudo useradd --create-home --base-dir /home "$USERNAME"

# Set phpseclib user password
echo "$USERNAME:$PASSWORD" | sudo chpasswd

# Create a 1024 bit RSA SSH key pair without passphrase for the travis user
ssh-keygen -t rsa -b 1024 -f "$HOME/.ssh/id_rsa" -q -N ""

# Add the generated private key to SSH agent of travis user
ssh-add "$HOME/.ssh/id_rsa"

# Allow the private key of the travis user to log in as phpseclib user
sudo mkdir -p "/home/$USERNAME/.ssh/"
sudo cp "$HOME/.ssh/id_rsa.pub" "/home/$USERNAME/.ssh/authorized_keys"
sudo chown "$USERNAME:$USERNAME" "/home/$USERNAME/.ssh/" -R

==========================================

I hope that you can help me.

Thanks

Re: how to block this file

Posted: 31 Oct 2017, 11:25
by Sarah
steps4h wrote: 31 Oct 2017, 09:56 I have this file:

cxs.xtra.example

Shall I work on it?
No, you should copy that one to cxs.xtra and work on the new file.
steps4h wrote: 31 Oct 2017, 09:56 And can you please tell me what line I should block and what I should put in cxs.xtra.example?
We would recommend that you create an md5sum of the file as described in detail in the article I gave you.

Regards,
Sarah
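
The md5sum approach recommended above, shown as an added example that is not part of the original thread or of cxs: it computes the digest of a saved sample and lists identical copies under a directory, then separately lists files that carry the same account and key setup commands seen in the posted script, since an exact hash misses edited copies. The function names and the paths passed in are assumptions; the cxs.xtra entry syntax is left to the linked article.

```shell
#!/bin/sh
# Added example (not cxs code). Function names and paths are hypothetical.
# File names containing newlines are not handled.

# md5_of FILE -> print the hex MD5 digest of FILE
md5_of() {
    md5sum < "$1" | cut -d' ' -f1
}

# find_by_md5 SAMPLE ROOT -> print every file under ROOT whose MD5 equals SAMPLE's
find_by_md5() {
    want=$(md5_of "$1")
    [ -n "$want" ] || return 1
    find "$2" -type f -print | while IFS= read -r f; do
        if [ "$(md5_of "$f")" = "$want" ]; then
            printf '%s\n' "$f"
        fi
    done
}

# find_by_indicators ROOT -> print files containing all three commands the
# posted script uses: useradd, chpasswd and a write to authorized_keys.
# An exact hash misses a copy with one changed byte; this check does not.
find_by_indicators() {
    find "$1" -type f -print | while IFS= read -r f; do
        if grep -q 'useradd' -- "$f" \
            && grep -q 'chpasswd' -- "$f" \
            && grep -q 'authorized_keys' -- "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Run directly as: sh scan.sh SAMPLE ROOT
if [ "$#" -eq 2 ]; then
    echo "MD5 of sample: $(md5_of "$1")"
    echo "Exact copies:"
    find_by_md5 "$1" "$2"
    echo "Files with the same setup commands:"
    find_by_indicators "$2"
fi
```

Files listed only by the second check need manual review before quarantine, because legitimate provisioning scripts can contain the same three commands.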