
CSF, cpHulk, all kind of security, and I get hacked.

Discussion in 'Security' started by nourjabi, Sep 1, 2013.

  1. nourjabi

    nourjabi Active Member

    Hi everyone,

    I'm new here, and I hope I posted this in the right location.

    I have a Dedicated Server from iWeb Servers Canada.

    Recently I have been attacked by hackers so much; they keep getting in and messing around with my clients' index files using Mass.SH hacks.

    I installed CSF today (had a hard time configuring it and got myself locked out a couple of times), but it's fine now.

    Can you help me figure out how those hackers are getting in? Security holes or something?

    PS: they managed to clear the Secured logs for SSH every time, so I have no SSH log to see how and where they messed around.

    Thanks a bunch!
     
  2. georgeb

    georgeb Well-Known Member

    CSF has nothing to do with this kind of hack; you have to control anything that is uploaded to your server, control who is using SSH, etc. Many things... If you believe that just by installing CSF you are safe, you are wrong. CSF is great, but you have to control any file that is uploaded to your server. You can use CXS (with ModSecurity) from ConfigServer, or your own scripts, elaborate security inside your server, control who is connected via SSH, etc., check logs, and have it inform you when anyone else connects as root via SSH. There are many things to check, not just wait until the hacker is inside your server. Many things to do... If you don't know how to do those things, it is better to hire somebody who knows; that way you'll save a lot of money by not being hacked.


    Regards
     
  3. quizknows

    quizknows Well-Known Member

    Most of the time hackers get in through an outdated website, often Joomla or WordPress with old plugins.

    If they are able to erase root-owned logs, then it is very likely your kernel was old and let an exploit on one hacked site escalate to root privileges.

    At this point you need to have your host make a new server with a clean operating system, new kernel, and new root password, and then migrate all of your users to that server. The sites should be scanned for malware by a professional, ideally prior to moving them to the new server.
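
Added example, not part of any post in this thread: with the SSH logs wiped, the modification times of the defaced index files are one remaining way to narrow down when a mass defacement ran, so the web server access logs can be searched around that window. The `/home/<account>/public_html` layout, the index file names, the 60-second window and the three-account threshold are assumptions.

```python
import os
from pathlib import Path

# Assumed index file names; extend for the sites actually hosted.
INDEX_NAMES = {"index.php", "index.html", "index.htm"}

def collect_index_files(home_root, docroot="public_html"):
    """Return (account, path, mtime) for every index file under each account's docroot."""
    records = []
    for account_dir in sorted(Path(home_root).iterdir()):
        base = account_dir / docroot
        if not base.is_dir():
            continue
        for dirpath, _dirs, files in os.walk(base):
            for name in files:
                if name.lower() in INDEX_NAMES:
                    p = Path(dirpath) / name
                    # mtime is used here; ctime (st_ctime) is harder to reset after the fact.
                    records.append((account_dir.name, str(p), p.lstat().st_mtime))
    return records

def find_bursts(records, window=60, min_accounts=3):
    """Chain records whose timestamps are at most `window` seconds apart and
    keep only chains that touch at least `min_accounts` distinct accounts."""
    bursts, current = [], []
    for rec in sorted(records, key=lambda r: r[2]):
        if current and rec[2] - current[-1][2] > window:
            if len({r[0] for r in current}) >= min_accounts:
                bursts.append(current)
            current = []
        current.append(rec)
    if current and len({r[0] for r in current}) >= min_accounts:
        bursts.append(current)
    return bursts

if __name__ == "__main__":
    import sys, time
    root = sys.argv[1] if len(sys.argv) > 1 else "/home"
    for burst in find_bursts(collect_index_files(root)):
        accounts = {r[0] for r in burst}
        print(f"{time.ctime(burst[0][2])} .. {time.ctime(burst[-1][2])}: "
              f"{len(burst)} index files in {len(accounts)} accounts")
        for account, path, _ in burst:
            print(f"  {account}  {path}")
```

A bulk restore or migration produces the same kind of burst, and an attacker with root can reset modification times, so the reported window is a lead for the access-log search rather than proof.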
     
  4. 24x7server

    24x7server Well-Known Member

    Basically, hackers are using shell scripts to execute any Perl scripts on the server, so you will have to scan all your websites for the shell scripts. You can find shell scripts through a maldet (LMD) scan.

    Also install ConfigServer eXploit Scanner and mod_security on your server.
     
  5. Easylife

    Easylife Registered

    Maybe your computer system has its own problem, and a hacker stole all these files with vicious code, so I suggest that you reinstall the system.
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello :)

    It's a good idea to consult with a qualified system administrator if your server has been rooted. Going forward, the cPanel Security Advisor Addon may be useful for helping you to determine which options you can enable on your system to improve security:

    cPanel Security Advisor Addon

    Thank you.
     
  7. nourjabi

    nourjabi Active Member

    Thanks everyone for your info, I will look into it and report if any succeed :)
     
  8. nourjabi

    nourjabi Active Member

    I have worked out a few CSF modifications, ran the CSF Security test, and fixed many holes here and there, and it seems everything is smooth and all those IPs trying to hack into the server are blocked. :) Thanks everyone.
     
  9. inthukha

    inthukha Well-Known Member

    Well, I still suggest you run clamd, LMD, and rootkit hunter as well for detecting exploits, because if they change the logs, it means they can do anything if their exploit exists in the system.
     