#1  06-08-2007, 09:36 AM
ChipW (Registered User)
Hacker?? Need help

I have an issue with one customer that claims that he was hacked.... Entire site deleted... This is a game clan using PHPNuke....

The problem now is that the MYSQL server is continually going down which is causing server wide problems.... The owner of this site found a chat log of someone saying they are using mysql exploits....

My question is, how do I find out if this is what is bringing me down.... What do I look for in the logs and what logs do I even look in?

I am a total n00b to this kind of thing...

Any help would be great.... I took this customer's site down for the moment to see if the problem stops and have changed my server and mysql root passwords..

WHM 10.8.0 cPanel 10.9.0-S13517
RedHat Enterprise 3 i686 - WHM X v3.1.0

ConfigServer Security & Firewall - csf v2.51
#2  06-08-2007, 11:39 AM
Infopro (Forum Moderator)

Quote:
Originally Posted by ChipW

Any help would be great.... I took this customer's site down for the moment to see if the problem stops and have changed my server and mysql root passwords..

WHM 10.8.0 cPanel 10.9.0-S13517
RedHat Enterprise 3 i686 - WHM X v3.1.0

ConfigServer Security & Firewall - csf v2.51

That's a good start of course. Another step might be to not allow them on your server to begin with. You wouldn't be the first server to ban the nukes.

This is a great tool to have installed. http://www.logview.org/
Giving you access to lots of logs to poke thru real easy.

Keep the site suspended till you figure it out.
#3  06-08-2007, 12:30 PM
brianoz (Registered User)

Have you got remote access to mysql allowed? If so, I'd disable it. Also recommend upgrading csf to be the latest with shell command "csf -u" or from the WHM interface.

phpnuke has a lousy security reputation, from what I hear ...
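
The question in post #3, whether remote access to MySQL is allowed, can be answered from the server's option file. The following is an added example, not part of the original thread: a shell function (the name `mysql_net_exposure` and the `/etc/my.cnf` path are assumptions) that reports whether the `[mysqld]` section restricts the server to local connections through `skip-networking` or a loopback `bind-address`.

```shell
#!/bin/sh
# Added example (not from the thread). mysql_net_exposure is a hypothetical
# helper name; pass it the option file to audit, e.g. /etc/my.cnf (assumed path).
# Prints "local-only" or "remote-exposed".
mysql_net_exposure() {
    awk '
        # Remember the current [section]; only [mysqld] affects the listener.
        /^[ \t]*\[/ {
            sect = $0
            sub(/^[ \t]*\[/, "", sect)
            sub(/\].*$/, "", sect)
            next
        }
        /^[ \t]*[#;]/ { next }              # whole-line comments do not count
        sect == "mysqld" {
            line = $0
            sub(/[ \t]*#.*$/, "", line)     # drop trailing comments
            split(line, kv, "=")
            key = kv[1]; val = kv[2]
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            gsub(/_/, "-", key)             # MySQL accepts _ and - in option names
            if (key == "skip-networking") skip = 1   # presence disables TCP
            if (key == "bind-address")    bind = val
        }
        END {
            # No bind-address means the server listens on every interface.
            if (skip || bind == "127.0.0.1" || bind == "localhost" || bind == "::1")
                print "local-only"
            else
                print "remote-exposed"
        }
    ' "$1"
}

# Constructed sample option file (not taken from the poster's server).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[client]
port = 3306
[mysqld]
datadir = /var/lib/mysql
# bind-address = 127.0.0.1
EOF
mysql_net_exposure "$sample"    # prints: remote-exposed (the setting is commented out)
rm -f "$sample"
```

The option file only shows intent; confirm the running server's listening address for port 3306 with `netstat -ltn` after restarting MySQL.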
#4  06-12-2007, 03:42 AM
nilesh_kolte (Registered User)

Hello,

Check the following URL..

cpwrap root exploit

This will fix.
__________________
~~~ Cool Buddy ~~~
All times are GMT -5.