The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

all sites hacked

Discussion in 'Security' started by coldclimber, Dec 12, 2011.

  1. coldclimber

    coldclimber Active Member

    Joined:
    Aug 19, 2010
    Messages:
    25
    Likes Received:
    0
    Trophy Points:
    1
    I seem to have an issue with my whm.

    On all my sistes today there was an iframe that appeared at the bootom of each site, in the code

    Code:
    <iframe src=""></iframe>
    Now in the sites there is a folder full of html files showing another website, i can delete the files and then they come back straight away, i can not change permisions, I have tried everything to get rid of them but they keep appearing.

    I have changed the ftp passwords, the root password, scanned with clamav, done all the usuall but nothing changes this is one hack i am stummped to fix.

    I own the domain coldclimbs.co.uk but it is not hosted anywhere now and i had the account on the server in question, but have since deleted the whole account.

    Any help or sugggestions would be usefull.
     
    #1 coldclimber, Dec 12, 2011
    Last edited by a moderator: Dec 12, 2011
  2. ruzbehraja

    ruzbehraja Well-Known Member

    Joined:
    May 19, 2011
    Messages:
    383
    Likes Received:
    7
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Did you check the .htaccess files?

    They probably have some directives which should not be there.

    You should also check the ownership of the folders and files and also check the file permissions.

    You may also want to check the current processes running.
     
  3. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    It really depends on how the files/folder are getting there; you need to check whether it was ftp or from another source. May be worth hiring an admin if you own the server.
     
  4. Lenterakecil

    Lenterakecil Registered

    Joined:
    Dec 26, 2011
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    It could be through a theme or a plugin. possible
     
  5. faisikhan

    faisikhan Well-Known Member

    Joined:
    Dec 12, 2011
    Messages:
    88
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Islamabad, Pakistan
    cPanel Access Level:
    Root Administrator
    Hi

    There can be numerous reasons of websites being hacked, the reasons & solutions can be:
    1.Make sure all of those sites are up to date with the latest versions, Plugins etc including any modules they use for them.
    2. Most of the users don't update when they think their website is working perfectly & do not check for the updates which makes an ease for the hackers to hack the sites.
    3. Immediately change FTP password of your effected account/s to a stronger one. Make sure all passwords are mixture of alpha-numeric and not a dictionary word.
    4.In your control panel, activate archive option of your web logs in Raw Log Manager, this will give you the opportunity to check how the hacker exploited one of the scripts.
    5.Download all your web data locally and scan it using an updated anti-virus software.
    6. Beware of 777 permissions, this gives all the rights to everyone.
    7. Immediately contact your host for more help & assistance.
     
Loading...

Share This Page