I have tried the disable_functions but I can still browse the server through your script.
So how do we prevent browsing other accounts and rest of the server (files)?
This is a connection to a fixed port and is easily blocked using a good firewall like CSF - ConfigServer Security & Firewall - it also picks up and reports on (or kills) suspicious processes.
If you are really serious about server security then you might look at getting upload scanner software (e.g. ConfigServer's cxs, but there are others) to scan new uploads (FTP, HTTP POST) for well-known PHP shells and exploits.
Good security is a series of layers - a current kernel, a hardened server, a good firewall, mod_security to filter out many of the hack signatures, etc.
By the way - this is a good article, demonstrating clearly that once a knowledgeable user has access to your server as a normal user it's only a matter of time before they have root.
White Dog Green Frog - web hosting and web development since 2002
Blogs: SMB web use cPanel/WHM scripts
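
A minimal illustration of the upload scanning recommended in the reply above, added here as an example; it is not code from the thread, from cxs, or from any ConfigServer product. The rule names and patterns are constructed heuristics (assumptions), and the outbound-socket rule only flags a file for review, since legitimate code also opens sockets.

```python
import re
import tempfile
from pathlib import Path

# Constructed, illustrative heuristics (assumption): not a real product's signature set.
RULES = {
    "eval-of-decoded-data": re.compile(
        rb"eval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "command-exec-on-request-input": re.compile(
        rb"\b(system|exec|shell_exec|passthru|popen|proc_open)\s*\([^)]*\$_(GET|POST|REQUEST|COOKIE)", re.I),
    "outbound-socket": re.compile(rb"\b(fsockopen|pfsockopen|socket_connect)\s*\(", re.I),
}
PHP_TAG = re.compile(rb"<\?")  # includes short tags; the rules do the real filtering


def scan_bytes(data: bytes) -> list[str]:
    """Return the sorted names of matching rules; content without a PHP tag yields []."""
    if not PHP_TAG.search(data):
        return []
    return sorted(name for name, rx in RULES.items() if rx.search(data))


def scan_upload_dir(root: str, max_bytes: int = 2_000_000) -> dict[str, list[str]]:
    """Scan every regular file under root, whatever its extension says it is."""
    findings = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and not path.is_symlink():
            with path.open("rb") as fh:
                hits = scan_bytes(fh.read(max_bytes))
            if hits:
                findings[str(path.relative_to(root))] = hits
    return findings


if __name__ == "__main__":
    # Constructed sample uploads; logo.jpg is PHP hidden behind an image extension.
    samples = {
        "page.php": b"<?php echo 'hello'; ?>",
        "logo.jpg": b"GIF89a<?php eval(base64_decode($p)); ?>",
        "conn.php": b"<?php $s = fsockopen($host, $port); ?>",
    }
    with tempfile.TemporaryDirectory() as d:
        for name, body in samples.items():
            Path(d, name).write_bytes(body)
        for name, hits in scan_upload_dir(d).items():
            print(f"{name}: {', '.join(hits)}")
```

Signature matching like this is one layer only: it catches known patterns in new uploads and says nothing about obfuscated code.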