Webpage cracked with ftp cracker

**samuelmf** · 08-27-2010 08:15 PM

Hi one of the webs of a client on my sever was hacked with this script: /http://www.ghostng.com/images/serte.php
What can i do in the WHM config to avoid that kind of hacking attempts?

Ty so much!

**cPanelDon** · 08-27-2010 09:00 PM

Originally Posted by samuelmf

Hi one of the webs of a client on my sever was hacked with this script: /http://www.ghostng.com/images/serte.php
What can i do in the WHM config to avoid that kind of hacking attempts?

Ty so much!

Are you saying an FTP user's password was "cracked" (such as by a brute-force attempt to guess the FTP user's password)?

I would consider ensuring that cPHulk is enabled and or adjust its configuration via the Security Center in WebHost Manager; you may also use WHM to increase the default required password strength that is enforced both for new FTP accounts and when cPanel users modify their existing account password(s).

Reference menu paths and documentation:

WHM: Main >> Security Center >> cPHulk Brute Force Protection
WHM: Main >> Security Center >> Password Strength Configuration

**samuelmf** · 08-27-2010 09:50 PM

Hi, thanks for reply, when i enable cphulk this message appears on the screen:

Warning: VerifyReverseMapping was detected as being enabled for SSHD which causes problems with whitelisting IPs for cPHulkd. VerifyReverseMapping has been set to "no" to prevent issues.

For this change to take effect, please Restart SSHD at your nearest convenience.

I have installed on my server the Configserver Firewall Script

**cPanelDon** · 08-27-2010 10:27 PM

Originally Posted by samuelmf

Hi, thanks for reply, when i enable cphulk this message appears on the screen:

Warning: VerifyReverseMapping was detected as being enabled for SSHD which causes problems with whitelisting IPs for cPHulkd. VerifyReverseMapping has been set to "no" to prevent issues.

For this change to take effect, please Restart SSHD at your nearest convenience.

It is normal for cPHulk to first check for SSHd configuration directives that might conflict. To restart SSHd, please try the following area in WebHost Manager: WHM: Main >> Restart Services

Originally Posted by samuelmf

I have installed on my server the Configserver Firewall Script

I believe it may be OK to run both cPHulk and CSF.

**samuelmf** · 08-27-2010 10:43 PM

Thx, the service was restarted and cphulk, csf and sshd are running well!

**samuelmf** · 08-28-2010 12:19 PM

I will upload the files that the hacker have left on the hacked page.
-removed by Infopro-

There are the files the hacker left on my site, if someone have knowings about programing and linux at expert level could analyse to help other prevent that kind of hackings.

If the files are risky please let me know, to delete them!

Ty

LinkBack

Thread Tools

Webpage cracked with ftp cracker

I had the Cphulk disabled

Service restarted

Files that the hacker have used