
Am I hacked, infected or just stupid?

Discussion in 'General Discussion' started by Anomaly1974, Aug 26, 2007.

  1. Anomaly1974

    Anomaly1974 Member

    Joined:
    Aug 26, 2007
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Currently in the Philippines
    I just got back online after six months offline (due to storms). I began rebuilding my sites so I could start making a little money.

    Two days ago now everything was working fine. Then I went to check my email and the server timed out, no biggie, I thought. Tried to connect my ftp program (WSF32FTP) and it looked like it was connected to my site until I tried to transfer files and it said it was not connected. I hate trying to transfer files in CPanel when I am redoing the whole site, at twelve files at a time it takes a long time.

    Now I cannot access CPanel, I cannot access ftp to my domain and I cannot get emails and ... I cannot even access any of my five sites with my computer online. I can browse them fine on other systems but I cannot log into CPanel at all. My Server Site said they had no other complaints, much less anything like this.

    I thought it was a virus at first but now not being able to access CPanel from any systems has me worried. Not being able to access any of my web pages from my computer while being able to browse them on other computers is just confusing.

    I have been to every tech site I can find and nobody can seem to come up with an answer. Since this problem seems to be growing worse, I would like to find a solution soon. I get my five web pages from a friend who owns a reseller hosting company. I realize that he has to escalate but when he made an inquiry, the actual hosting company knew nothing about any such problems.

    Does anybody here have ANY Ideas? I am at my wits end. I have been told to do everything from wipe CPanel and reset everything and start from scratch to wiping zeros on my hard drive. At least if I could narrow down the problem, maybe I could get away with not having to redo EVERYTHING from the beginning.

    "Help? Please?" he cried meekly.

    Thanks

    Ward Tipton
     
    #1 Anomaly1974, Aug 26, 2007
    Last edited: Aug 26, 2007
  2. mctDarren

    mctDarren Well-Known Member

    Joined:
    Jan 6, 2004
    Messages:
    664
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    New Jersey
    cPanel Access Level:
    Root Administrator
    Do you own the server the site is hosted on? It sounds like you are a shared hosting customer. Which would mean you are at the mercy of the host.
     
  3. Anomaly1974

    Anomaly1974 Member

    Shared

    It is a shared server. My buddy owns the reseller site but he has to go through the top. Basically what I am looking for is a "Why" and "How" this happened. At this stage of the game I am thinking seriously to install Linux on my PC and reset all my CPanel to default and just restore some files from backups. I do not know what else to do. As for your response, yeah, I already knew that but none of their other customers are reporting any problems makes me wonder.

    The fact that I can access my sites from other computers but not from mine makes me wonder if it is my system which is infected.

    The fact that I now have no ftp access from ANY computer makes me wonder if my CPanel access has not been compromised or is infected or hacked.

    Put the two of those together and it really bugs me. Pun intended.

    Thanks for your response
    Ward
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,478
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Not much you can do if the host says no problems and the reseller who sold the account to you has no clue.

    That is, except to move.
     
  5. Anomaly1974

    Anomaly1974 Member

    Relevant?

    Curious, it may be relevant and it may not be but I am noticing that almost all of the images on my website now have .ht in between the file name and the extension. Thus my head.jpg now is head.ht.jpg


    Does that indicate anything?

    Thanks
     
  6. AtlantisService

    AtlantisService Active Member

    Joined:
    Mar 15, 2007
    Messages:
    33
    Likes Received:
    0
    Trophy Points:
    6
    It really does sound like a problem... First let's see if we can "clean" your PC from any possible infection.

    http://www.kaspersky.com/

    Kaspersky is one of the top leading anti-virus programs in Europe, Asia, and now in The USA. Try the 30 day demo. I would recommend the suite as it also has a built in firewall, anti-root kit, anti-key logger, anti-spyware, anti-riskware, and much more.

    Do a complete scan on max setting. The 1st scan can take a long time. But Kaspersky uses "swift" so future scans only do deep scans on changed or new files.

    If everything runs clean and you don't find any problems, it may be just the host and it is time to seek out a new one. If it does find something, clean your PC and alert your host of your findings. From what you've said here, it's not just your system with the problem.
     
  7. Anomaly1974

    Anomaly1974 Member

    IE Yuk

    Installed ActiveX on IE6 and downloading it now. I have to believe that someone has accessed my servers since I cannot and my IP seems to be blocked. Or rather, a block of IPs seems to be blocked here. What really confused me is that my email seems to be working intermittently. I actually downloaded 71 emails on one of the accounts. Last time I could access CPanel it did not show any of my accounts under suspension. I talked to my friend I get the sites from but he did not answer while he was online. It could be that he has to wait until Monday his time to accomplish anything.

    In the meantime,

    Thanks

    I am downloading now and will let you know the results. I would hate to have to move but if that is what it takes, without my web page I am relegated to writing crap articles for less money than I care to even think about.

    Should I have downloaded the trial version instead of doing the online scan? I would suppose so since that is what you stated. I will do that when I am done. I am getting really frustrated so maybe I am not thinking so well. I need beer LOL
     
  8. koolcards

    koolcards Well-Known Member

    Joined:
    Oct 8, 2003
    Messages:
    146
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Tampa, Fl
    Firewall settings on your PC? Are you blocking yourself?
     
  9. Anomaly1974

    Anomaly1974 Member

    I wish

    I did a system restore to three weeks ago. This has only been happening a couple of days now, been awake most of the time so losing track. I had conflicts with Zone Alarm so I removed it and went back to Windows firewall. No luck with it on or off and if I try and access CPanel from this computer it just keeps trying to load.

    If I try and connect to CPanel from any other computers, it routes me to one of my error pages. Though since I did not mark them, I do not know which one. (I am fixing that now in hopes of getting back online)

    If my account was suspended I do not think my email would work at all from any of the sites but I get intermittent emails from two. I have not received any emails stating that it has been suspended either and I have that email in another location just in case it ever did happen.

    No scan has been able to find anything yet and I think my buddy has to wait until Monday to check with whoever he has his reseller account with in order to get everything reset there for me. I am seriously considering going back to PCLinux and just trying to find a replacement for Dreamweaver and Adobe Pro but I need those programs for my web pages and work. Else as I said, I am down to making nothing and working all day long to make a living with no time to make money. I just got back online after losing everything I owned in a storm so this is getting kinda desperate.

    I cannot even get into CPanel to reset my account :(

    Any ideas would be great!

    Thanks

    Ward
     
  10. koolcards

    koolcards Well-Known Member

    I would start by using IPs instead of a domain name in all my connection attempts to eliminate possible DNS errors. :confused:
     
  11. Anomaly1974

    Anomaly1974 Member

    Viable ... except

    Okay, that is the first real answer for connecting and maybe being able to at least wipe my account and start from scratch. It sounds viable but ........ I do not know the IP :"> How would I go about tracking that down? That still would not allow me to get back into CPanel though would it? I am convinced, whether there is anything on my system or not that my CPanel account has been hijacked for whatever reason. Linux Rocks, rocks break windows! Coincidence?

    For now I am running the online version of this Kaspersky and when that is done I will dl the trial version and start over again. I need to put one of my Linux OS's on my system and hope I can get reset on my CPanel and WHM. Which leads to two questions and one comment.

    What kinds of packages and pricing do you offer?

    How do I reset my CPanel to default and empty if and when I ever get signed back in or is this something the big server host must take care of?

    And the comment is that I love your sig LOL
     
  12. nyjimbo

    nyjimbo Well-Known Member

    Joined:
    Jan 25, 2003
    Messages:
    1,125
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    New York
    You must have another person in the outside world try to do some of the things you are trying to see if they get the same response. If they do not have the same problems then it is your PC or your local network. But that's the first thing I would do.

    If it is just your computer then it would seem more like a dns issue or a firewall misconfiguration.
     
  13. Anomaly1974

    Anomaly1974 Member

    Me too

    I did have. I had friends all over the US browse my sites and a few people here in Asia. I had no problem browsing the site from another connection but no luck from mine even after changing my IP by a couple of digits. (Reset my connection)

    If I can get one of my friends whom I trust online and who is willing to take some time, I will try and have them connect to CPanel but until I see them, that part is out.

    I have thought about it but every idea brings me closer. Thank you

    Ward
     
  14. Anomaly1974

    Anomaly1974 Member

    What confuses me most I think are the intermittent emails, the fact that trying to connect to Cpanel from other connections here locally only take me to an error page and when I try and connect from my system, it just keeps loading and loading without ever getting anywhere, kind of like the energizer bunny on a double dose of thorazine. No time outs, it just keeps on going but nothing happens.

    DNS Problems? Server side or with me? Interesting.

    Please explain how I would investigate this.

    Thank you
     
  15. nyjimbo

    nyjimbo Well-Known Member

    I just did. You must let someone try to do all the functions you cannot. You should not have to give them passwords, just see if they can trigger the login screens for things like cpanel functions. If you do not see ANYTHING, not even the login, then all they need is just the url. If they do see the logins, ftp server response, etc, EACH AND EVERY TIME but you do not, then it's your machine or network.

    Also you can try to go to other people's servers to do the same, if you know of another cpanel box in the world do the same functions, without the user/pass combos, to see if you can talk to their boxes at the same ports. If you do not get the normal logins, etc, then you probably have some kind of firewall or network issue.
     
  16. Anomaly1974

    Anomaly1974 Member

    Lol

    I just sent you an email asking you to do that. Although I did not include passwords. We must have been writing at the same time. I suppose I could try with other sites but I would be searching blind and I do not know anyone else here who uses cpanel.


    Still trying

    Thanks
     
  17. koolcards

    koolcards Well-Known Member

    Go here:

    http://network-tools.com/default.asp

    A ping or trace or checking the DNS will show you the IP address.

    :(
    Only thing left I can think of is your ISP. Under 'start', 'run', type in "tracert", a space, followed by whatever your domain name is, to see if your ISP can resolve the domain (which will also give you the IP).


    and, yes, your cpanel would be http://xxx.xxx.xxx.xxx:2082 or https://xxx.xxx.xxx.xxx:2083


    Thanks ;)
    one of my others is:
    "Deja Moo: The feeling that I've heard this bull before"
     
  18. nyjimbo

    nyjimbo Well-Known Member

    Your server is not responding to the aliases set for the cpanel functions, rather it is responding to the ports.

    Replace the "/whm" with ":2086"

    Be sure to use the "http://" prefix or it won't know what protocol to use.

    http://www.yourdomain.com:2086

    or 2082 or whatever.
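
Added example, not part of the original thread: the checks suggested so far (connect by IP instead of name, test the cPanel ports, have an outside helper repeat the same tests) combined into one Python sketch that compares the two vantage points. The function names, the result labels and the `192.0.2.10` placeholder address are assumptions made for illustration.

```python
import socket

# Ports named in the thread: FTP plus cPanel (2082/2083) and WHM (2086).
PORTS = {"ftp": 21, "cpanel": 2082, "cpanel-ssl": 2083, "whm": 2086}

def resolve(name):
    """IPv4 addresses the local resolver returns for name ([] on failure)."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def probe(ip, port, timeout=5.0):
    """One TCP connect by IP, so DNS is out of the picture."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"      # host answered, nothing listening on that port
    except OSError:
        return "timeout"      # no usable answer: dropped, filtered or unroutable

def diagnose(local_ips, outside_ips, local, outside):
    """Compare this PC's view with an outside helper's view of the same server.

    local/outside map service name -> probe() result against the same IP.
    """
    if not local_ips or not set(local_ips) & set(outside_ips):
        return "dns: this PC resolves the name differently (resolver or hosts file)"
    local_open = {s for s, r in local.items() if r == "open"}
    outside_open = {s for s, r in outside.items() if r == "open"}
    if local_open and local_open >= outside_open:
        return "reachable: ports answer by IP, so suspect the URL alias or the account"
    if outside_open and not local_open:
        if all(r == "timeout" for r in local.values()):
            return "filtered: this PC's packets are dropped (local firewall, ISP or server-side block)"
        return "local: this PC is refused where others connect"
    if not outside_open:
        return "server: services fail for everyone, escalate to the host"
    return "partial: " + ", ".join(sorted(outside_open - local_open)) + " fail only from this PC"

if __name__ == "__main__":
    # Constructed sample matching the thread: outside helper connects, this PC hangs.
    ip = ["192.0.2.10"]  # documentation address, placeholder for the real server IP
    mine = {s: "timeout" for s in PORTS}
    theirs = {s: "open" for s in PORTS}
    print(diagnose(ip, ip, mine, theirs))
```
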
     
  19. nyjimbo

    nyjimbo Well-Known Member

    Don't worry about that for now. Did you try to use the last message's instructions I gave you?
     
  20. Anomaly1974

    Anomaly1974 Member

    Trace

    It times out between twenty and twenty one hops


    Ummmmmmm

    What does that mean? :eek:
     