Account Compromised

Discussion in 'Security' started by webfyr, Apr 29, 2017.

  1. webfyr

    webfyr Registered

    I have an empty account that got random PHP files over the last two days. The only thing the account was used for was redirecting visitors (an index.shtml file only). So /public_html contained only one file. So, there were no PHP scripts in any files in the web area that could have been hacked.

    I'm using CageFS as well, so no other account should be responsible. The uploaded files have the correct owner/group for the account. The uploaded files have been used in emails (links to the PHP files they have uploaded).

    I removed the dir just to test, and then they were able to upload again.

    The only way this should work is if they have guessed the password and uploaded content. But I don't find anything in the logs to support that. What could possibly be the cause of this, or how can I best go forward? If the home area had any script files, I would just assume the scripts had security holes. But luckily in this case, there were none. So that narrows it down a bit.

    • CLOUDLINUX 7.3 x86_64 standard
    • cPanel & WHM 64.0 (build 18)
     
    #1 webfyr, Apr 29, 2017
    Last edited by a moderator: Apr 29, 2017
  2. webfyr

    webfyr Registered

    Update: I found that FTP was in fact used to log in. So somehow, they knew that info.
     
  3. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Changing the account password and setting up Two-Factor Authentication would help for starters.
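
Added example, not part of the thread or any poster's code: a log check that follows from the update above, listing incoming FTP uploads of PHP files per source address for one account. It assumes the FTP server writes transfer records in the standard xferlog format; the sample lines, the account name `exampleuser` and the addresses are constructed.

```python
from collections import defaultdict

SCRIPT_EXTS = (".php", ".phtml", ".php5", ".phar")

# Constructed sample records in xferlog format (not taken from the thread).
SAMPLE_LOG = """\
Fri Apr 28 02:14:07 2017 1 203.0.113.45 412 /home/exampleuser/public_html/index.shtml b _ o r exampleuser ftp 0 * c
Fri Apr 28 02:14:31 2017 1 203.0.113.45 18230 /home/exampleuser/public_html/img/x1.php b _ i r exampleuser ftp 0 * c
Sat Apr 29 03:40:12 2017 2 198.51.100.9 18230 /home/exampleuser/public_html/img/my file.php b _ i r exampleuser ftp 0 * c
Sat Apr 29 09:05:55 2017 1 192.0.2.10 97 /home/exampleuser/public_html/index.shtml b _ i r exampleuser ftp 0 * c
Sat Apr 29 09:06:02 2017 1 198.51.100.9 5000 /home/exampleuser/public_html/img/part.php b _ i r exampleuser ftp 0 * i
this line is truncated
"""

def parse_xferlog_line(line):
    """Parse one xferlog record; return None if it is malformed."""
    tok = line.split()
    # 5 date tokens + transfer time, host, size + filename + 9 trailing fields
    if len(tok) < 18 or not tok[7].isdigit():
        return None
    # A filename may contain spaces, so read the fixed fields from both ends.
    _type, _flag, direction, _mode, user, _svc, _auth, _uid, status = tok[-9:]
    return {"time": " ".join(tok[:5]), "host": tok[6], "size": int(tok[7]),
            "path": " ".join(tok[8:-9]), "direction": direction,
            "user": user, "status": status}

def script_uploads(log_text, user):
    """Map source host -> [(time, path, status)] for uploaded script files."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_xferlog_line(line)
        if rec is None or rec["user"] != user or rec["direction"] != "i":
            continue  # skip malformed lines, other accounts and downloads
        if rec["path"].lower().endswith(SCRIPT_EXTS):
            # Status "i" is an incomplete transfer; a partial file may remain.
            hits[rec["host"]].append((rec["time"], rec["path"], rec["status"]))
    return dict(hits)

if __name__ == "__main__":
    for host, items in sorted(script_uploads(SAMPLE_LOG, "exampleuser").items()):
        print(host)
        for when, path, status in items:
            print(f"  {when}  {path}  status={status}")
```

The source addresses it reports are the ones to compare against the FTP login records and against the addresses the account owner normally connects from.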
     