helmers99

Registered
Nov 6, 2004
2
0
151
help

WHM 10.8.0 cPanel 10.9.0-C56

this is what is says in the top of whm admin. does that mean its current?
 

adept2003

Well-Known Member
Aug 11, 2003
283
0
166
~ "/(extra|special)/data"
It is the latest current release that you're running. Actually, the latest update addressed an exploit that I believe can only be implimented by a user on your server, so its unlikely that you was hacked via a cPanel exploit.

More likely is that you're running a vunerable php script (old version of php nuke or phpbb perhaps?)

Whatever software you have running on your website, just make sure that it's patched with the latest updates available.
 

blakeh

Registered
Nov 5, 2006
3
0
151
My server got hacked same thing saturday afternoon. All index pages replaced and redirecting to an iframe on ahleen.info.

I had the latest cpanel update installed. Folks over at hostgator are working on it. Don't know how they got in.

bh
 

david.roman

Member
PartnerNOC
Jan 16, 2006
12
0
151
Same Here

We have one machine hacked too,
WHM 10.8.0 cPanel 10.9.0-C31
RedHat Enterprise 4 i686 - WHM X v3.1.0

In our logs we see the attacker has logged-in trough the pure-ftpd downloading and uploading the index files with the cpanel users.

Regards
 
Last edited:

blakeh

Registered
Nov 5, 2006
3
0
151
not sure what kernel we were on.

Seems our attacker got the spamd user shell access and logged in that way, but somehow found out the root pw and ssh port.
 

xerophyte

Well-Known Member
Mar 16, 2003
216
0
166
Canada
Best way to restore the server and restore the public_html files from the backup,

1) Restore the system with fresh OS
2) Secure the server after restore
3) restore all the user data from the old drive
4) Restore all the hacked index files
5) keep updating the server from old software

hope that helps
 

blakeh

Registered
Nov 5, 2006
3
0
151
Where does the info for the various dns zones get stored or backed up?

Hostgator reloaded my box and restored the cpanel backups but all my dns zones have been reset and my customers are going bananas.

bh
 

Gary O

Registered
Nov 8, 2005
2
0
151
I have the same problem today.

Funny I updated Cpanel 2 days ago.

All pages forward to that page in the first post. Now I could not get to any page at all. I did a reboot and then all pages went down I can not get to any of them it gives me the

The page cannot be displayed

I went through shell and can not find aything at all now. But iut still will not load for me. I forced a Cpanel update via shell now too.

I make sure the cpanel is updated all the time.

All files are there. Nothing else was touched.

And all scripts on the server are up to date.

any help will be great thanks
 

Gary O

Registered
Nov 8, 2005
2
0
151
Got an update.

HTTPD is not running and will not reboot. This is why the sites are not showing duh gary.

So I am now forcing a system reboot. I will see if this fixes it.
 

HelloAdam

Well-Known Member
Nov 6, 2005
145
0
166
Hey,

Well as the post above says, you will want to reload the OS on the server. I hope you had accounts backups before you got hacked. If not then its uselss of backing them up now.

From,
Adam