The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Cpanel hacked(?)

Discussion in 'General Discussion' started by Jelmer, Mar 12, 2004.

  1. Jelmer

    Jelmer Registered

    Joined:
    Mar 12, 2004
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Well, the big problem started Wednesday, I tried to update my site using FTP, but I couldn't get in as it said the password was wrong. Since the FTP password is the same as the one of cpanel, I tried to login there which worked...for a day. I noticed that cpanel was doing pretty strange, couldn't add a contact mail anymore, IP bans were suddenly all deleted and more. Yesterday, my whole site was completely off, when I got to my main page I got:

    ndex of /
    Name Last modified Size Description
    --------------------------------------------------------------------------------
    Parent Directory 10-Mar-2004 19:16 -
    cgi-bin/ 10-Mar-2004 02:36 -


    --------------------------------------------------------------------------------

    Apache/1.3.29 Server at pokejello01.pkmn.co.uk Port 80

    Now I can't login to cpanel or by using FTP anymore, and it seems that really everything is completely off...Could anyone please tell me what this all is? Is it a hack or?
     
  2. ddeans

    ddeans Well-Known Member

    Joined:
    Feb 13, 2004
    Messages:
    296
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Maryland
    I am guessing that this is not your server?

    Try contacting your hosting provider and ask them what happened to their server. They can reset your password for you too.
     
  3. WeMasterz5

    WeMasterz5 Well-Known Member

    Joined:
    Feb 24, 2003
    Messages:
    361
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Miami
    and sorry, just because you files are gone does NOT mean cpanel was "hacked" you password may have been compromised
     
  4. BrightAdmin

    BrightAdmin Well-Known Member

    Joined:
    Feb 29, 2004
    Messages:
    204
    Likes Received:
    0
    Trophy Points:
    16
    Hi Jelmer,

    As suggested by ddeans may be i too think the same.Please contact your hosting provider with the details and ask him to reset your Cpanel password. You can ask him to further investigate this matter.

    Regards,

    Bright:)
     
  5. Jelmer

    Jelmer Registered

    Joined:
    Mar 12, 2004
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    All thanks for your advice:)
     
  6. SupermanInNY

    SupermanInNY Well-Known Member

    Joined:
    Jul 19, 2003
    Messages:
    255
    Likes Received:
    0
    Trophy Points:
    16
    Passwork hacking etc...

    I have in place a nice protection against hecking:

    My wiz-techi guy put a nice script.

    Ports 2086 and 2087 are closed!

    Hold on.. .I know ..... read more:

    I have a URL that when clicked on it,.. it initiates a cGI script
    that opens the ports and triggers a crond that
    after 25 minutes (or whatever time you set the script to)
    then closes these ports.

    So if you want to protect ROOT from hecking attempts,.
    This is surely going to keep outside users frastrated for the most part as they can't even access the login screen.

    Naturally the Open Ports scripts sits in a regular password protected directory (any name and any password will) and knowbody knows about it. Even if they would know about it...
    (unlikely that they would figure both username and password) they still need to crack the ROOT password.

    I think this should be integrated into WHM as a default protection feature.
    Otherwise,.. what is the point of having root blocked from SSH2?

    -Alon.
     
Loading...

Share This Page