Joomla & Wordpress Hacked

[beleir]

Hello cPanel Community!

I will comment my problem,

I just get hacked all Joomla & Wordpress sites in my hosting very often. Some was not updated, thats true, but a lot was the lot version of Joomla & Wordpress! (1.6.6 & 3.2.1 for example)

I try everything: Put mod_userdir tweak on, mod security (default configuration) on, ConfigServer ModSecurity Control on, ConfigServer Security&Firewall on, have only PHP 5 activated (5.2.17) with Mod SuPHP,EAccelerator for PHP, IonCube Loader for PHP , Mod Security, Suhosin for PHP, Zend Optimizer/Guard Loader for PHP.

Anyone have any idea?

Thank you and Im learning about cPanel all the time!

[tank]

First thing first.
Normally the meekest aspect of any security is the user (you). Make sure that your passwords are strong(letters, numbers and special characters).

That being said, did they only hack your Joomla / Wordpress sites?
If that is the case I am not sure if the cpanel forum is the place to post this. Cpanel mostly deals with cpanel issues.

[beleir]

The password is secure, and the HTML sites are not hacked. So, I think that is a vulnerability in PHP compiled by EasyApache

So, Im asking in the cPanel forums to see if any cPanel user/admin have the same problem, and how to solve it =)

Thank you!

[cPanelTristan]

Are you allowing individual php.ini files and does the account hacked have register_globals set to on? Are you disallowing set functions in disable_functions?

[beleir]

this is my configuration in disable_functions:
show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open, allow_url_fopen, ini_set

and register globals variables is off of course.

I didnt know if I have custom php.ini blocked. How can I see this? =)

Thank you!

[cPanelTristan]

Are you using suPHP? If you are, then unless you have this in /opt/suphp/etc/suphp.conf file:

Code:

[phprc_paths]
;Uncommenting these will force all requests to that handler to use the php.ini
;in the specified directory regardless of suPHP_ConfigPath settings.
application/x-httpd-php=/usr/local/lib/
application/x-httpd-php4=/usr/local/php4/lib/
application/x-httpd-php5=/usr/local/lib/

You are allowing individual php.ini files on each account. The above lines will prevent individual php.ini files. Without restricting a php.ini file under suPHP, each account user can configure their own settings, bypassing your security settings.