Compromised wordpress and file permissions question

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,908
2,216
463
Yea that one. It made no sense to me. My provider has a firewall but apparently it's not much cop.
Feel free to create a new thread here if you want to give it another go and have any questions about the installation/configuration process with CSF. While it's not an application we directly support or develop, it's widely used by cPanel administrators so you're likely to receive some good feedback/assistance.

Where would i find this file and how do i open it?

[email protected] [~]# cd etc
bash: cd: etc: No such file or directory
[email protected] [~]#
You'd use "cd /etc" in the above example. Or, just define the path when editing the file using your preferred command line text editor. EX:

Code:
vi /etc/my.cnf
The following document is a good place to start when using Linux commands:

Getting Started with Linux Commands - cPanel Knowledge Base - cPanel Documentation

For help using the "vi" editor, here's a useful third-party resource:

How to Use the vi Editor

Once you've made your changes, restart MySQL to activate them:

Code:
/scripts/restartsrv_mysql
Note: It's always a good idea to backup your configuration files before editing them in-case you do something wrong and need to restore the previous version. For example:

Code:
cp -a /etc/my.cnf /etc/my.cnf.backup1
Thank you.
 

Thunderchild

Well-Known Member
Jan 28, 2018
86
3
8
UK
cPanel Access Level
Root Administrator
Hello @Thunderchild,

It's unfortunate to see that one of your accounts was compromised. That's never a good experience, and not knowing the source of the attack can be unsettling. I'd like to help get you moving forward in the right direction.

Do you happen to know which version of WordPress was installed? One of the more common targets for hackers are outdated installations with unpatched vulnerabilities. If it was a brute force attack, the following thread includes some useful discussion on how to help prevent those in the future:

wp-login.php and mod security



Here's a thread where this option is discussed in more detail:

Apache vhosts are not segmented or chroot()ed

Feel free to respond to that post if you have any additional questions about that particular option and we can continue the discussion there.



Generally the best approach to address this warning is to add the following line to the /etc/my.cnf file so that MySQL does not listen to connections on all interfaces:

Code:
bind-address=127.0.0.1


Do you happen to remember the name of the firewall application you installed? The most common one we see used with cPanel & WHM is CSF by ConfigServer. I'm happy to help troubleshoot any issues that arise post-installation if you'd like to give this one a shot.

Thank you.
Right this one is fixed.
 
  • Like
Reactions: cPanelMichael