The Community Forums


account hacked need paid help

Discussion in 'Security' started by tloosle, Jan 1, 2012.

  1. tloosle

    tloosle Active Member

    I am looking for a paid support solution to a cPanel server hack.

    Only one account on the server seems to be affected. The .htaccess in every directory under public_html is being changed to malware, or redirected to a .ru site. If I delete the file, it will reappear within minutes.

    I have found info about a WordPress theme and timthumb.php, but that file is not on the server.

    I did pay mycpadmin . com, but their support has been totally useless.

    I am looking for real help and I am willing to pay for this help. Please contact me via PM here.

    Thank you
    Tony
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

  3. Bullten

    Bullten Member

    I don't think timthumb would still exist, because all themes and plugins are updated to stop that exploit. The problem we have is the third-party plugin that coders provide for our WordPress blog. 90% of WordPress sites are hacked because of that.

    Just to stop automatic creation of the .htaccess file, create one with 444 permissions, and a new .htaccess won't be created, as it won't override its permissions.
     
  4. ilihost

    ilihost Member

    Hello,

    Is your problem solved? If yes, we recommend the use of a very good plugin. We use it in all our network. It protects your server from malware uploads via HTTP and FTP and scans it every night.

    The address is http://pyxsoft.com

    It will help you to find the malware and it blocks all timthumb vulnerabilities via mod_security.
     
  5. ilihost

    ilihost Member

    Is your root password compromised?
    Did the hacker access your system files?
    Did the hacker install a rootkit?
    Or just your customer's accounts?
     
  6. faisikhan

    faisikhan Well-Known Member

    Hi

    1. Yeah, it seems that your account is hacked, so you will have to suspend it immediately.
    2. Try to remove the scripts wherever you find them, delete the installed files and clear the Exim mail queue.
    3. Please make sure that the attack wasn't able to probe any deeper into the server, so you have to monitor it closely.
    4. The account's password will need to be changed ASAP.
    5. Roll back the original affected cPanel account to an earlier backup and change all the account's FTP, SSH and MySQL passwords.
    6. Update WordPress/Joomla/CMS plugins/versions to the latest available; this can be the root cause, as using older packages mostly helps hackers to enter such files.
    7. I hope you have firewalls enabled and running, and if not, please do so.
    8. Make the server more secure using this link: http://www.whmsecurity.com/linux-security/7-how-whm-cpanel-hardening-security-basics-part-1-a.html
    9. Also, did you take any help from your host?
     
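Added example, not part of any post in this thread: a triage script for the symptom described in the first post (.htaccess files under public_html rewritten to redirect off-site), listing each redirect-capable directive whose target host is not on an allow-list, together with the file's mode and modification time. The host names `mysite.example` and `offsite.example`, the sample file contents and the function names are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path
from urllib.parse import urlsplit

REDIRECT_DIRECTIVES = {"rewriterule", "redirect", "redirectmatch",  # can send a visitor elsewhere
                       "redirectpermanent", "redirecttemp", "errordocument"}
ONSITE_VARS = {"%{http_host}", "%{server_name}"}  # expand to the site's own name
URL_RE = re.compile(r"https?://[^\s\"'>]+", re.IGNORECASE)

def external_targets(text, allowed_hosts):
    """Return [(line_no, host)] for redirect directives that point off-site."""
    hits = []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields or fields[0].lower() not in REDIRECT_DIRECTIVES:
            continue  # blank line, comment, or directive that cannot redirect
        for url in URL_RE.findall(raw):
            # urlsplit separates any user@ prefix from the real host
            host = (urlsplit(url).hostname or "").lower()
            onsite = host in ONSITE_VARS or any(
                host == a or host.endswith("." + a) for a in allowed_hosts)
            if host and not onsite:
                hits.append((no, host))
    return hits

def scan_tree(root, allowed_hosts):
    """Describe every off-site redirect in .htaccess files under root."""
    findings = []
    for path in sorted(Path(root).rglob(".htaccess")):
        text = path.read_text(encoding="utf-8", errors="replace")
        st = path.stat()  # mode and mtime help date the change
        rel = path.relative_to(root).as_posix()
        for no, host in external_targets(text, allowed_hosts):
            findings.append((rel, no, host, oct(st.st_mode & 0o777), st.st_mtime))
    return findings

# Constructed samples, not taken from the thread.
CLEAN = ("Redirect 301 /old https://www.mysite.example/new\n"
         "RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]\n")
TAMPERED = ("RewriteEngine On\n# injected\n"
            "RewriteRule .* http://offsite.example/in.php [R=302,L]\n"
            "ErrorDocument 404 http://offsite.example/404\n")

def demo():
    with tempfile.TemporaryDirectory() as root:
        for sub, body in (("", CLEAN), ("wp-content/uploads", TAMPERED)):
            Path(root, sub).mkdir(parents=True, exist_ok=True)
            Path(root, sub, ".htaccess").write_text(body)
        return [f[:3] for f in scan_tree(root, {"mysite.example"})]
```

On a real account, call `scan_tree()` with the account's document root and the set of domains the site legitimately redirects to; running it again after a cleanup shows, via the modification times, which files have been rewritten since.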