How does hacking take place on a cPanel server?
I am writing this post to explain how accounts on a server get hacked. It often happens that cPanel accounts on a server are hacked. The most common hack is one where the index page is replaced with some other code, thus defacing your website. Sometimes this type of hack hits all accounts on the server, including backups. Many times it is also an iframe hack, where the hacker adds extra code to your website and a virus enters the computer of whoever accesses that website, thus infecting it. We are not going deep into the types of hacking; what I am going to explain here is how we can stop this from happening, or at least prevent or avoid it. If you are facing an iframe hack, one of our cPanel forum members has posted a good article, which you can find here:
Now one would ask, “How does this hacking take place?” Such defacement takes place, and we become victims of it, because we are careless or we don’t have basic knowledge of keeping our site secure. It is we who give a way for any hacking to take place. Any hacking which takes place through the browser happens due to weak permissions. Many common PHP applications we use, like a picture gallery or a forum, are the starting point of hacking if and only if they are insecure, are older versions, or have some files or directories with weak permissions like 777 or 755. For example, say I have an application which has an option for uploading a file, the uploaded file goes into a directory called “images”, and “images” has 777 permissions. If I upload a defacing script, say “deface.php”, to the images directory using that option, then I can easily access that script using the link:
Since the images directory has 777 permissions, I can easily execute that script and deface that account or website. If the permissions on other directories of the server are really weak, then I can deface the files in other locations on the server too. If, after uploading the script, I find more accounts on the server that have weak permissions, I can run my script from its current location and hack those accounts too. In this way your account, some other accounts or even the whole server is hacked due to weak permissions. To make this point clear I have attached a small PHP script to this post. Just upload it to your account and access it from a browser; you will see that you can browse other files on the server whose permissions are weak.
THIS IS NOT A HACKING SCRIPT AT ALL, NOR AM I PROMOTING HACKING IN ANY WAY. THIS SCRIPT WILL HELP YOU TO FIND WEAKNESSES IN YOUR ACCOUNT SECURITY. THIS IS JUST FOR EDUCATIONAL PURPOSES. IF THE MODERATORS OF THIS FORUM THINK THIS POST IS AGAINST ANY OF THEIR RULES, THEY ARE WELCOME TO DELETE THIS POST.
This script is a kind of browser for the files on the server or account. Where file permissions are weak, like 777 or 755, you can browse the files even though they don’t belong to your account. This script cannot be used to modify anything or execute any command, so don’t worry.
So, in order to stop all such hacks on the server or on your account, always be alert about permissions. Many people use 755 or 777 permissions casually, thus becoming the victim of some hack today or tomorrow. Secondly, always keep your PHP applications upgraded to their latest versions, so that any bad code or bug in previous versions is cleared. This was very short information, but if other forum members want to add more to this they are welcome.
I will be adding more security tips in the coming days, so stay tuned.
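
A defensive audit for the upload scenario described in this post, as an added example that is not the script attached to the original post: it walks a document root and reports world-writable directories and files, plus PHP scripts sitting inside a world-writable directory. The function names, the extension list and the sample tree are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

# Assumed list of extensions a web server may execute as PHP.
SCRIPT_EXTS = {".php", ".phtml", ".php5", ".phar"}

def audit_tree(root):
    """Return sorted (finding, octal_mode, relative_path) tuples under root."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        dir_mode = stat.S_IMODE(os.lstat(dirpath).st_mode)
        dir_writable = bool(dir_mode & stat.S_IWOTH)  # "other" write bit, as in 777
        if dir_writable:
            rel_dir = os.path.relpath(dirpath, root)
            findings.append(("world-writable-dir", format(dir_mode, "03o"), rel_dir))
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets and devices
            mode = stat.S_IMODE(st.st_mode)
            rel = os.path.relpath(path, root)
            if mode & stat.S_IWOTH:
                findings.append(("world-writable-file", format(mode, "03o"), rel))
            # A script inside a directory anyone can write to is the upload case.
            if dir_writable and os.path.splitext(name)[1].lower() in SCRIPT_EXTS:
                findings.append(("script-in-writable-dir", format(mode, "03o"), rel))
    return sorted(findings)

def build_sample(root):
    """Constructed sample: an 'images' upload directory at 777 holding a PHP file."""
    images = os.path.join(root, "images")
    os.mkdir(images)
    for rel in ("index.php", "images/photo.jpg", "images/upload.php"):
        path = os.path.join(root, *rel.split("/"))
        with open(path, "w") as fh:
            fh.write("sample\n")
        os.chmod(path, 0o644)
    os.chmod(images, 0o777)
    os.chmod(root, 0o755)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for finding in audit_tree(tmp):
            print(*finding, sep="\t")
```

Point `audit_tree` at an account's document root to get the same report for real files; any `script-in-writable-dir` finding deserves a look before the directory permissions are tightened.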