The Community Forums

Interact with an entire community of cPanel & WHM users!

Account Compromised Question

Discussion in 'Security' started by filip212, Aug 31, 2017.

  1. filip212

    filip212 Member

    Joined:
    Aug 22, 2017
    Messages:
    19
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Slovakia
    cPanel Access Level:
    Root Administrator
    Hello,
    I have some security issues. A hacker sent me a list of domains with their real FTP account usernames, and sent me the database name and password of one website that is hosted with us.
    The website whose DB name and password he knows uses WordPress, and its config.php has permissions set to 644.
    He created an account and uploaded some scripts, with the help of which he learned this.
    How can I avoid this in the future?
     
  2. filip212

    filip212 Member

    .htaccess of that FTP account:
    <IfModule mod_security.c>
    SecFilterEngine Off
    SecFilterScanPOST Off
    </IfModule>

    and he has many symlinks like config.php:
    Link/shortcut file config.php
    Point link/shortcut to:
    /home2/user/public_html/config.php

    The scripts are from the website [removed]
     
    #2 filip212, Aug 31, 2017
    Last edited by a moderator: Sep 1, 2017
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,165
    Likes Received:
    1,372
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    It's difficult to pinpoint the specific vulnerability or exploit used by an attacker to hack your server or websites. One could speculate on common methods (e.g. symlink attack), but it really requires a qualified system administrator to investigate the logs on your server and determine the source of the attack. There is a thread here where a similar question is asked:

    Log Files To Check After Account Hacked

    Thank you.
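
An added example, not part of the thread and not cPanel code: a Python audit that checks one account's home directory for the three artifacts reported above (symlinks that resolve outside the account's own home, an .htaccess carrying the quoted ModSecurity-off directives, and a world-readable config file). The function names, the `CONFIG_NAMES` list and the two-account sample layout are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

# Directives from the .htaccess quoted in the thread (ModSecurity switched off).
MODSEC_OFF = ("secfilterengine off", "secfilterscanpost off")
CONFIG_NAMES = ("config.php", "wp-config.php")  # assumed list of config file names

def audit_home(home):
    """Return sorted (kind, path, detail) findings for one account's home."""
    home = os.path.realpath(home)
    findings = []
    for root, dirs, files in os.walk(home, followlinks=False):
        for name in dirs + files:
            path = os.path.join(root, name)
            if os.path.islink(path):  # flag links whose target leaves this home
                target = os.path.realpath(path)
                if os.path.commonpath([home, target]) != home:
                    findings.append(("symlink-outside-home", path, target))
            elif name == ".htaccess" and os.path.isfile(path):
                with open(path, errors="replace") as fh:
                    lines = [" ".join(l.split()).lower() for l in fh]
                for directive in MODSEC_OFF:
                    if directive in lines:
                        findings.append(("modsecurity-disabled", path, directive))
            elif name in CONFIG_NAMES:
                mode = stat.S_IMODE(os.stat(path).st_mode)
                if mode & stat.S_IROTH:
                    findings.append(("world-readable-config", path, oct(mode)))
    return sorted(findings)

def build_sample(base):
    """Create a constructed two-account layout under base; return both homes."""
    victim, attacker = (os.path.join(base, n) for n in ("victim", "attacker"))
    for home in (victim, attacker):
        os.makedirs(os.path.join(home, "public_html"))
    cfg = os.path.join(victim, "public_html", "config.php")
    with open(cfg, "w") as fh:
        fh.write("<?php // constructed sample\n")
    os.chmod(cfg, 0o644)
    os.symlink(cfg, os.path.join(attacker, "public_html", "config.php"))
    with open(os.path.join(attacker, "public_html", ".htaccess"), "w") as fh:
        fh.write("<IfModule mod_security.c>\nSecFilterEngine Off\n</IfModule>\n")
    return victim, attacker

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in (f for h in build_sample(tmp) for f in audit_home(h)):
            print(*finding, sep="\t")
```

Run against real accounts, `audit_home` needs read access to each home directory, so it would be run per account by an administrator.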
     