The Community Forums


A true problem !!!

Discussion in 'General Discussion' started by latpanel, Oct 22, 2004.

  1. latpanel

    My system has been hacked and destroyed. The whole system has been used as a warez repository and as a point to launch attacks on other machines. :eek:
    I was using CPanel/WHM and I'd just executed the last security update (October 18th or 19th).

    I had rkhunter installed and all the CPanel monitoring and security apps, but it was not enough. The attack was made from the web server (nobody appears as owner of a lot of processes and files, r0nin?).

    I've learned: security is never enough. :(

    Some of the exploits involved: hatorihanzo, mremap_pte, r0nin ...
    A real disaster. And the worst: I can't imagine how they accessed the server. All logs disappeared (pointed to /dev/null) and most files were erased ...

    Next time I won't trust just CPanel; I'd do better installing other monitoring tools.

    Bye, I'm going to cry for a while, a long while.
     
  2. aerostar

    Sorry to hear that. Just remember that cPanel isn't secure "out of the box"; it still takes a bit of work to secure all your services, and it is just about impossible to become hack-free, but using the cPanel tweaks, securing tmp directories, and running phpSUExec will help.


    ~Tim
     
  3. Sheldon

    I don't know why you put your faith in cPanel for security.

    It's not an all-in-one solution.

    If you only relied on cPanel, rootkit hunter and the sort...

    No wonder you got hacked.
     
  4. dezignguy

    Security once (or twice or thrice, etc.) is never enough... security is an ongoing process, never being done until you totally unplug your box. It takes a lot of time staying up with updates and being notified of security holes, etc.

    Obviously, you've had the wrong idea about cPanel's use... cPanel doesn't have anything to do with securing your box. cPanel is intended to make basic administrative tasks a little easier for you and your users, like making email accounts, setting up domain names and subdomains... etc. It actually decreases your server's security to run cPanel, but people accept the extra risk for the convenience it gives them and their users.

    And monitoring tools won't help you avoid a hack... they're just intended to let you know as soon as possible about a hack after it's already happened and the damage is done. But depending on how much damage is done, these tools may not work or may be less effective.

    Sounds like the attacker got in through an insecure script... probably a php script, like phpnuke or phpbb or something similar.

    Sounds like once they got in, they were able to exploit the server locally to gain root access... it would take root access to delete or redirect logs, etc. Did you have the latest cpanel exploits fully patched? What kernel version were you running?

    If you don't know how to properly secure a server AND are not committed to keeping it secured, you really should hire someone who knows... otherwise, it's only a matter of time before this happens to you.
     