The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Account Hacked

Discussion in 'Security' started by felz, Dec 31, 2011.

  1. felz

    felz Member

    Joined:
    Aug 4, 2011
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    all blogs/websites in one account is defaced by hacker,


    I have 2 clients hacked this day
    I track the IPs and other logs but found nothing.
    I've been using CSF, may be wordpress bugs, I dont know..
    please help if anyone know about this
     
    #1 felz, Dec 31, 2011
    Last edited by a moderator: Dec 31, 2011
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,456
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
  3. Bullten

    Bullten Member

    Joined:
    Dec 31, 2011
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Take some prevention. Keep all the script updated like wordpress/joomla and alll. Try to avoid thrid party plugins because i found most of them are vulnerable. If user is infected with keylogger or trojan even you cant do anything.
     
  4. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    It could be a whole lot of things, and it's really difficult to diagnose remotely. A good set of mod_security rules will help, but get someone who understands them to install them. Also make sure you are running suphp or phpsuexec or fastcgi. And add the symlink patch that was published here a while back. And keep your sites up to date and patched - I think there's a wordpress plugin that will remind you when your site is out of date.
     
  5. JerrySmith

    JerrySmith Active Member

    Joined:
    Apr 21, 2011
    Messages:
    35
    Likes Received:
    0
    Trophy Points:
    6
    Hello,

    There are a number of ways accounts may be hacked.

    While this is in no way a complete list, I would recommend keeping your passwords unique and your scripts up to date. It is also a good idea to ensure your local computer is free of keyloggers, malware, etc... I've seen quite a few times where several accounts were "hacked" simply because someone found a reseller account's password (usually through the reseller's compromised local computer).

    If at any time you feel you were compromised due to an issue with cPanel, please submit a ticket to us so we can investigate for you.

    https://tickets.cpanel.net/submit/index.cgi?step=2&reqtype=tickets&product=
     
  6. ilihost

    ilihost Member

    Joined:
    Jul 28, 2007
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I recommend you to read this website: /http://www.pyxsoft.com
    It will help you a lot.
     
  7. vincentg

    vincentg Well-Known Member

    Joined:
    May 12, 2004
    Messages:
    140
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    new york
    Well I found a way to quickly find a template files that was altered.
    If it's writing files to temp just shell in and chown and chgrp all files it wrote to nobody.
    This of course is assuming you have suphp

    The hacker script will error and right on your main page or what ever page was altered will show file and the line error.
    Why I didn't think of this right away - would have saved me a few hours.
     
  8. lemmespeak

    lemmespeak Registered

    Joined:
    Feb 20, 2012
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Reseller Owner
    Great info.
     
  9. tquang

    tquang Member

    Joined:
    Sep 22, 2011
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    You don't have to need worry about that. May be:
    _Simple password
    _Sniffed when go out, public place
     
Loading...

Share This Page