 |
|
11-25-2006, 04:41 PM
|
#1
|
|
Junior Member
Join Date: Nov 2006
Posts: 11
|
iProber?
We just had a client sign up (http://lzew.l5b.net) and install some software called iProber. I know it displays a bunch of information about the server, but am I at risk? I'm not entirely sure if it's common for this to happen or if it's sort of a signal that someone's going to try to exploit the server.
(We just hit 50 accounts though! Yay! Less than 24hrs!)
__________________
5C0 Networks - 250MB Space - 10GB Bandwidth - Ad Supported
|
|
11-25-2006, 04:48 PM
|
#2
|
|
Junior Member
Join Date: Nov 2006
Posts: 11
|
Warning: If you come across a user with this script installed, REMOVE IT IMMEDIATELY. It allows them to mass e-mail, and it checks the binary executables on all programs. Or something like that. Better to remove it.
__________________
5C0 Networks - 250MB Space - 10GB Bandwidth - Ad Supported
|
|
11-25-2006, 06:22 PM
|
#3
|
|
Senior Member
Join Date: Jun 2006
Posts: 201
|
If PHP can send mail, then you are going to end up in a big mess with your datacenter.
|
|
11-26-2006, 02:44 AM
|
#4
|
|
Member
Join Date: May 2005
Posts: 49
|
Yes that thing had been a bitch for me... If you see it remove it asap!
|
|
11-26-2006, 11:35 AM
|
#5
|
|
Community Liaison
Join Date: Dec 2005
Posts: 551
|
What is it exactly? Is it a shell script, or is it a mail bomber?
__________________
L4RGE.com Free NO ADS Hosting With Fully Featured cPanel, PHP, MySQL, and More!
TomorrowHosting.com One cent hosting, with great affiliate program for free hosting users.
|
|
11-26-2006, 03:56 PM
|
#6
|
|
Member
Join Date: May 2005
Posts: 49
|
Quote:
|
Originally Posted by ZendURL
What is it exactly? Is it a shell script, or is it a mail bomber?
|
It is a PHP script generally called "iprober.php".
|
|
11-26-2006, 05:05 PM
|
#7
|
|
Senior Member
Join Date: Sep 2006
Location: in the closet
Posts: 101
|
Here's an example of the script in action. Well, I think that's what you're referring to. The script is Chinese, so here's the Babelfish translation for those curious.
As far as I could tell, it seems to be just a server information script, though a very detailed one. I don't know what you mean about it allowing someone to send mass emails, though. Maybe I'm not looking closely enough, but I can't see anything of the sort. Still, there doesn't seem to be a good reason for somebody to have such a script in their hosting account. Better safe than sorry, anyway, so you might as well take everyone else's advice and remove it. =^^=
|
|
11-26-2006, 06:06 PM
|
#8
|
|
Senior Member
Join Date: Sep 2005
Posts: 142
|
Removing the script is not the way to go about it; you should try to harden your system so this stuff can't succeed.
This script isn't a shell, it's just a server information script.
If this script works:
- You don't have PHP open_basedir protection on, or safe_mode I think, or permissions are screwed up, because it is digging into /proc/ to get that information most of the time.
- And you don't have the functions popen() and mail() disabled, because it's running some commands with that.
Disable popen, mail, and enable open_basedir if this script bothers you.
You should check to make sure no one can get above their root folder though, since they can get into /proc/ that may be bad... that's my greatest concern.
|
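An added example, not part of any post in this thread: a small audit of php.ini text for the settings post #8 names (open_basedir, and popen/mail in disable_functions). The sample ini contents, the tenant path, and the ":" path separator (Linux) are assumptions made for illustration; hosts that set open_basedir per vhost would feed in those values instead.

```python
# Functions post #8 recommends disabling for this kind of script.
RISKY_FUNCTIONS = ("popen", "mail")

def parse_ini(text):
    """Return the last value set for each directive in php.ini-style text."""
    settings = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop ';' comments
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip().strip('"')
    return settings

def audit(text):
    """List hardening gaps for the directives discussed in the thread."""
    s = parse_ini(text)
    findings = []
    basedir = s.get("open_basedir", "")
    if not basedir:
        findings.append("open_basedir is not set: PHP may open any path "
                        "the process user can read, including /proc")
    else:
        for path in basedir.split(":"):  # assumption: Linux separator
            if path.rstrip("/") in ("", "/proc"):
                findings.append(f"open_basedir entry {path!r} still exposes /proc")
    raw = s.get("disable_functions", "")
    disabled = {f.strip().lower() for f in raw.split(",") if f.strip()}
    for fn in RISKY_FUNCTIONS:
        if fn not in disabled:
            findings.append(f"{fn}() is not listed in disable_functions")
    return findings

# Constructed samples: an unrestricted default and a confined tenant.
WEAK_INI = """[PHP]
;open_basedir =
disable_functions =
"""
HARDENED_INI = """[PHP]
open_basedir = /home/tenant1/:/tmp/
disable_functions = popen, mail
"""

if __name__ == "__main__":
    for name, ini in (("weak", WEAK_INI), ("hardened", HARDENED_INI)):
        print(name, audit(ini) or "no findings")
```
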
|
11-26-2006, 08:22 PM
|
#9
|
|
Community Liaison
Join Date: Dec 2005
Posts: 551
|
If you have open_basedir disabled, somebody could hack your site in a minute. When creating a free host, that is the first thing you should do.
__________________
L4RGE.com Free NO ADS Hosting With Fully Featured cPanel, PHP, MySQL, and More!
TomorrowHosting.com One cent hosting, with great affiliate program for free hosting users.
|
|
11-26-2006, 09:53 PM
|
#10
|
|
Junior Member
Join Date: Nov 2006
Posts: 11
|
Thanks for all the advice. I'll be double checking all the settings!
Also, funny thing happened. I saw somebody with five scripts similar to this today. Could there honestly be a purpose for this?
__________________
5C0 Networks - 250MB Space - 10GB Bandwidth - Ad Supported
Last edited by LuckyBambu : 11-26-2006 at 09:56 PM.
|
|