The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Cpanel Security Problem

Discussion in 'Security' started by teddymills, Aug 8, 2005.

  1. teddymills

    teddymills Member

    Joined:
    Jul 25, 2005
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1

    I have a Cpanel 9.x and all the updates.
    However someone(s) has installed a SSH-SCAN in /tmp.

    This progam then do a pile of SSH-SCANs on other computers and networks from MY server!

    Not only that, but there are 2 virus's in these binaries!
    Linux RST.B and Linux Backegmm.


    Now my question to you cpanel experts out there is.
    What is my best course of action to take to get this corrected ASAP!!
    This is a commercial server, so I cannot afford to wait it out.

    Thanks in advance.


    BTW,

    Is it me, or is CPANEL not exactly the most secure system?
    In fact it seems to be a prime hackers target.
    To get CPANEL serverrs properly secured, do I have to start doing a lot of customizing?

    /tm




     
  2. Blue|Fusion

    Blue|Fusion Well-Known Member

    Joined:
    Sep 12, 2004
    Messages:
    378
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Cleveland, Ohio
    Remount /tmp and /var/tmp with noexec,nosuid,nodev options. Remove the file. And update cPanel to the latest version (cPanel 10 is latest now, not 9).
     
  3. dgbaker

    dgbaker Well-Known Member
    PartnerNOC

    Joined:
    Sep 20, 2002
    Messages:
    2,578
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Toronto, Ontario Canada
    cPanel Access Level:
    DataCenter Provider
    Also server security is generally outside the realm of cPanel. cPanel is not a security software and should not be thought as one. As with any server (ms or *nix based) you need to do server security for it yourself. That said there are many companies around that can do that for you aa a fair price. See the Ads & Offers area for some sites.

    Another note, do not scrimp on cost when it comes to server security, once you get it done right the first time, it is easier to maintain and keep updated. From the sounds of your situation you need to get that server checked out quickly. If the server has been compromised severely enough, you may have to reload the OS.
     
    #3 dgbaker, Aug 8, 2005
    Last edited: Aug 8, 2005
Loading...

Share This Page