Buy
Schedule a Demo
Blog
Community Stats
1 day 7 days 30 days Max. View More
Top Posters
    There is no record available at this moment
Most Active Threads
    There is no record available at this moment
Top Rated Posts
    There is no record available at this moment
2010/11/12 20:45:41
nitaish

HC7.asp file from where it is coming ?

I have noticed in a few servers running HC7 and HC8, a file getting created in many websites with the name hc7.asp and the content of the file contains redirection to a URL containing malware. When I check the FTP logs, I don't find any entry of the file being uploaded via FTP. I think there is some vulnerability in Hosting Controller which is being exploited to create the file on the server in different websites. HC, kindly look into it.
 


Business Email Solution - http://qualispace.com/nova/business-email/
6 comments Leave a comment
patrick
Where is this file creates by HC panel I can't see anywhere in the HC installation or domains folders ?
2010/11/13 01:15:37
HC Staff
Natish it would be better to stop calling issue/query security hole/ vulnerability unless you sure about that. Such post can only used for destructing other HC user. There is no such implementation at hosting controller end to insert a asp file. You might have using 'auto script copy' , the option where reseller can set a file to be auto insert with new domain creation.
2010/11/13 01:21:18
hostautomate
I Agree. 
Perhaps HC should moderate forum with following keywords " security hole , Vulnerability " etc etc
2010/11/13 01:29:14
nitaish
I have found it in a few servers running Hosting Controller and hence have reported the same. I also have a lot of servers running Plesk, there is no such file created in those servers. I deleted the hc7.asp file from the websites in one of the servers on Saturday and today they appeared again. Also, I had mentioned it is as Possible Vulnerability and not a confirmed vulnerability. I had also raised a ticket in Support, which your support team has not bothered to reply. I can even give access to a server in which there are multiple files being created, but only if the support team checks it and reverts. So, instead of crying foul, HC should have a look in it. I am sure there are other HC users too who may have faced the same problem. I would also recommend other HC users to search for the file hc7.asp in their servers.
2010/11/15 01:13:33
patrick
What actually harm bring this file on your server ?
I have searched for this file on all of my 7 servers but no where this file exist. 
 
I am an ASP developer if you send it to me then I could give detail about it.
2010/11/18 05:42:21
techMate
I searched my whole server but unable to find any file named hc7.asp..
 
Nitaish can you tell us the exact path where it is going to be created?
2010/11/21 04:07:47

Comments are closed.