All of my site has been hacked, please help me

Discussion in 'Security' started by jamesalan, Sep 6, 2011.

  1. jamesalan

    jamesalan Member

    Hi, all of my sites that are hosted on cPanel have been hacked. I have some WordPress and Joomla sites on the server, and the hacker hacked all of the sites by deleting all the files and folders on my server and placing one index.html file that shows "Hacked By Harde2008 - Kurdish HackerZ".

    I already informed my hosting server about it, but after they recovered my sites, the sites were hacked again a few hours later. I am really feeling worried. I see some suspicious files on my server, like a harde.php file in the root and in some inner files.

    Please inform me how to get rid of this type of hacking and how to make my server more secure against further hacking.

    Thanks
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    You should make sure all of those sites are up to date with the latest versions, including ANY mods they use for them. Users don't like to bother updating when they think the site is working perfectly, or they want functionality a mod provides and don't bother to check for updates to it. That mindset can get a site destroyed quickly once the bad guys find it.
     
  3. AunRaza

    AunRaza Member

    There are some things you can do to ensure that it wouldn't happen again. Immediately change the FTP password of your affected account to a stronger one. Make sure all passwords are a mix of alpha-numeric and not a dictionary word. Check all vendor/developer sites for ALL web scripts/applications used in your account for any update, including any mod you may be using in any web application. If you are using any open source web application, that may be the prime suspect. In your control panel, activate the archive option of your web logs in Raw Log Manager. This will give you the opportunity to check how the hacker exploited one of the scripts. Otherwise all raw logs are cleared after generating stats. Use SFTP instead of normal FTP to upload files to your account. Download all your web data locally and scan it using updated anti-virus software.
     
  4. AunRaza

    AunRaza Member

    First of all, ensure you change your password, and keep strong passwords. Download all your web data locally and scan it using updated anti-virus software. Ensure all your third-party scripts are on the latest stable releases, as in the case of outdated versions such issues are more likely to occur. In your control panel, activate the archive option of your web logs in Raw Log Manager. This will give you the opportunity to check how the hacker exploited one of the scripts. Otherwise all raw logs are cleared after generating stats. If you have already been hacked, it's too late now, but you can archive the logs for future attacks.
     
  5. Smaily

    Smaily Well-Known Member

    Most likely the config files where database access is written are all chmodded 777. I suggest you turn on suPHP from WHM and turn off suexec. Users who have vulnerable permissions will get the error message 'internal server error' until they fix permissions to something more secure. I noticed attacks too a few months ago on servers where I didn't have suPHP enabled.

    Files you have get swapped too when you have 777 permissions. It's basically write rights for everyone.
     
    #5 Smaily, Sep 20, 2011
    Last edited: Sep 20, 2011
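
A read-only audit for the two things discussed in this thread, world-writable (777) files and recently changed PHP files. This is an added example, not part of any post. It assumes GNU find on a Linux server; the function names are hypothetical, and the config file names checked are wp-config.php (WordPress) and configuration.php (Joomla).

```shell
#!/bin/sh
# Added example: read-only permission and file triage for a web docroot.
# Assumes GNU find (Linux). Function names are hypothetical.

# Print "MODE TYPE PATH" for every world-writable file or directory.
# Symlinks are skipped because their own mode bits are not meaningful.
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -printf '%m %y %p\n'
}

# Count of the above, for use in a cron report.
count_world_writable() {
    list_world_writable "$1" | wc -l | tr -d ' '
}

# CMS config files holding database credentials that are writable by
# group or other. wp-config.php is WordPress, configuration.php is Joomla.
list_writable_configs() {
    find "$1" -type f \( -name wp-config.php -o -name configuration.php \) \
        -perm /0022 -printf '%m %p\n'
}

# PHP files modified within the last $2 days: candidates for review
# after a defacement, to be compared against a known-good backup.
list_recent_php() {
    find "$1" -type f -name '*.php' -mtime -"$2" -print
}

# Stand-alone use: sh audit.sh /home/USER/public_html [DAYS]
if [ "$#" -ge 1 ]; then
    echo "== world-writable =="; list_world_writable "$1"
    echo "== writable CMS configs =="; list_writable_configs "$1"
    echo "== PHP changed in last ${2:-7} days =="; list_recent_php "$1" "${2:-7}"
fi
```

Nothing here changes permissions or deletes files; the output is a review list to check against a clean backup.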
  6. jamesalan

    jamesalan Member

    Sorry for the late reply, but now my server is fine. Actually, I uploaded some WordPress theme files which were supposed to be infected, and after that all of my sites had been infected. I contacted my web hosting company and they recovered all of my sites.
     