Shell Script To Prevent Symlink Attack on cPanel Servers

Greetings from Nixlinux,

I really need to share this information with you guys, as I got scared last week about an issue reported by my close friend. He was working on a shared server and was studying symlinks; just for fun, he ran a command on the server to list the symlinks on it. The result he got was suspicious: there were thousands of symlinks under many accounts. It was a cPanel server with about 800 websites running on it.

If you do not have much idea about what a symbolic link is, I will try to shed some light on it. Pardon my ignorance, I am also a Linux kid. 🙂

A symbolic link, also known as a soft link, is a special file that refers to another file by name. It doesn't contain any data itself but points to a real file that has the data. You can compare it with a shortcut on a Windows or Macintosh machine: when you click on a shortcut, it opens the contents of the real file.
When you delete the target file, symbolic links to that file become broken and unusable.
To create a symbolic link in Unix/Linux, at the prompt, enter:
ln -s source_file myfile
In the above command replace source_file with the name of the existing file for which you want to create the symbolic link (this file can be any existing file or directory across the file systems). Replace myfile with the name of the symbolic link.

How do I delete a symbolic link?
rm {link-name}

Let’s come to the topic. A symlink attack is normally done by creating symlinks to secured or important files of the system.

For example, if the server security is low or if it allows symlinks on the system, a user can create a symlink that points to the /etc/passwd file or the /etc/shadow file. This helps the attacker steal data and user info from the server. This is very dangerous, because once the attacker has all the usernames he can brute-force the server, especially if you have a cPanel server.

Checking for symlinks and deleting them one by one is not at all easy for admins, but we can set up alerts using a small shell script. Please find it below. The script checks for symlinks and mails you the names of the accounts under which symlinks are present.
SHELL SCRIPT TO PREVENT SYMLINK ATTACK:
I named the script “symlnk_police.sh” 😉

    #!/bin/bash
    # Collect every symlink under the accounts' public_html directories.
    find /home/*/public_html/* -type l > /root/symlinks.txt
    # Field 3 of /home/<account>/... is the account name; sort -u drops all duplicates.
    cut -d"/" -f3 /root/symlinks.txt | sort -u > /root/out.txt
    # Mail the account list with an "ATTENTION:" line on top.
    { echo "ATTENTION:"; cat /root/out.txt; } | mail -s "symlinks found in $(hostname)" user@domain.com
    # Empty the work files for the next run.
    : > /root/symlinks.txt
    : > /root/out.txt

You can add the line below to the script if you want to delete the symlinks as soon as they are found. Keep in mind that it removes every symlink under the given path, including legitimate ones.
# find /path/to/check -type l -delete

You can enable the script on the server with the help of a cronjob. I run it every morning at 8:30 AM. The cronjob for it is shown below.
30 08 * * * sh /root/symlnk_police.sh
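
The script above reports every symlink, including harmless ones that stay inside an account. As an added example (not part of the original post), the script below reports only links whose resolved target lies outside the owning account's home directory, such as /etc/passwd or another user's files. It assumes GNU find and readlink; the function names and the alice/bob sample tree are constructed for illustration.

```sh
#!/bin/sh
# Added example: list only the symlinks whose target leaves the owning account.
# Output per hit: account<TAB>link<TAB>resolved target. Assumes GNU readlink -f.
scan_symlinks() {
    base=$1
    for home in "$base"/*/; do
        [ -d "${home}public_html" ] || continue
        real_home=$(readlink -f -- "$home") || continue
        account=$(basename -- "$home")
        # -exec ... {} + hands file names over as arguments, so names with
        # spaces or newlines are not split.
        find "${home}public_html" -type l -exec sh -c '
            account=$1 real_home=$2; shift 2
            for link do
                # Resolve the whole chain; fall back to the raw target when
                # the link is dangling and cannot be canonicalised.
                target=$(readlink -f -- "$link") || target=$(readlink -- "$link")
                case $target in
                    "$real_home"|"$real_home"/*) ;;  # stays inside the account
                    *) printf "%s\t%s\t%s\n" "$account" "$link" "$target" ;;
                esac
            done' sh "$account" "$real_home" {} +
    done
}

# Constructed sample tree (hypothetical accounts alice and bob).
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/alice/public_html/img" "$t/bob/public_html"
    echo data > "$t/alice/logo.png"
    echo secret > "$t/bob/public_html/config.php"
    ln -s ../../logo.png "$t/alice/public_html/img/logo.png"            # inside: ignored
    ln -s /etc/passwd "$t/alice/public_html/users.txt"                  # system file
    ln -s "$t/bob/public_html/config.php" "$t/alice/public_html/c.txt"  # other account
    echo "$t"
}

# Demo on the constructed tree; on a real server call: scan_symlinks /home
tree=$(make_sample_tree) && scan_symlinks "$tree"
rm -rf "$tree"
```

On the sample tree it prints the users.txt and c.txt links and skips img/logo.png, which resolves inside alice's own home.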

That’s all guys, thank you! 🙂
Please post your views in the comment section, I would be happy to check it! 🙂
