
Best WHM/cPanel Book & Security

Discussion in 'Security' started by cmariomej, Dec 18, 2006.

  1. cmariomej

    cmariomej Member

    Joined:
    Jan 17, 2006
    Messages:
    23
    Likes Received:
    0
    Trophy Points:
    1
    Hello all:

    I'm new to all this and would like to get suggestions from the pros on what you think is going to be the best book to learn how to manage WHM/cPanel. It doesn't have to be a book; it can be any type of resource, like websites, forums (other than cpanel.net), any documents, etc.
    I just got a private server and promptly realized that I need to get deeper into all this web hosting stuff.
    And the last one... after one week of configuring DNS and other stuff I got hacked last night. The hacker uploaded a file called sweetdemon2.php, deleting all my files on the account. I don't know how; I guess it was because I had enabled anonymous FTP, which of course I already disabled... If you are so kind and know about it, please also include suggestions for security and how to do at least the basic security stuff. Please keep in mind that I'm a beginner, so at least try to point me to an easy, understandable, step-by-step tutorial or instructional publication.

    Regards, :)

    Cmariomej
     
  2. celliott

    celliott Well-Known Member

    Joined:
    Jan 2, 2006
    Messages:
    460
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    United Kingdom
  3. cmariomej

    Thanks for your reply... By the way, I got the hacker's IP; he must be a beginner, otherwise he would be using a tool to hide it... What can I do with it? Can I call the FBI or go to some website to denounce his activities? Where?
     
  4. celliott

    First of all, I suggest you get your server set up with some basic security measures.

    There is a good thread here: http://forums.cpanel.net/showthread.php?t=30159

    That goes through setting up APF (iptables-based firewall) and various other bits.
     
  5. cmariomej

    Thank you... I was looking for that specific thread, I saw it a while ago and couldn't find it... :D
     
  6. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    cmariomej, I would say there is a 98% chance that you don't actually have the hacker's
    IP but rather the IP of some innocent 3rd party who got hacked just like you, so reporting
    the IP to the FBI or similar is probably pointless, although if it is someone else like you
    then they will probably want to know about their server being used like that.

    Anyway, server and network security is my specific specialty and primary field of
    professional expertise, and I am the very best in the business at what I do.

    Given that you have been hacked, I would be glad to take a look at your server for
    you and see what I can see and you don't have to worry about any charges just to look
    things over and evaluate what has happened on your server. It would be a good idea
    to do at least that to make sure you aren't more compromised than you think.

    Then depending on how good or bad things are and what all needs to be done to get
    you up to a more secure and less vulnerable place, then we can discuss what your
    options are and the best course of action.

    Send me a PM if you want me to take a look at things for you.
     
  7. cmariomej

    Hi Spiral... well, you can call me paranoid, but the reason I go for the remaining 2% chance that I have the hacker's IP is that yesterday at about 5PM I was working on moving some sites to the new server, which by the way mostly failed to transfer. I use Skype with my nice company logo in it, which has my website's address printed on top of it, and suddenly someone IM'd me a nice "hi"... The person started asking me questions like "where are you from" and things like that. Since I was a little bit bored I replied "I'm from Miami, Florida... where are you from?" The person told me "antalya"; after a quick Google search I found it was in Turkey... I use an application with Skype that gives me a map and the IP of the person I'm chatting with, which I find pretty cool, and I confirmed the location there.
    We ended our conversation because she didn't speak English very well; besides, I promptly realized that the person's nickname doesn't tell if it's a girl or a man... it's a Turkish name.
    After a few hours of work I checked my website at 7:01 (I remember perfectly), then at 7:15 I went to check it again and the hacker's index page was already in place, claiming to be a group from Saudi Arabia, and all my files were deleted from my account...
    After checking AWStats I found the person's IP in the logs, persistently visiting the website from the time we were chatting until the time of the hack. I also compared that to my Web Analytics reports (I pay for that service) and the IP was there along with others from the USA...

    So again, I know I have the hacker's IP... what should I do with it? If someone knows please reply.

    On the other hand, many thanks for your offer to check my server. I'm currently applying some of the configurations I found on the webhostgear website and the cPanel forums to increase security... Tomorrow the techs from my datacenter are going to perform some jobs that I asked them to do (DNS issues), and as soon as they finish that I will abuse your generosity and give you access to see if you find something...

    Thanks again :)
     