We seem to have a hack on a server. He is just defacing some web site index pages for now. Any advice on where I can go in the system to view the log files to perhaps find any info? Has anyone else been through this and do you have any advice?
Yes we had the same hack happen a couple days ago,
Black background red writing, I heard it was done to several hosting companies at random. Not sure if this is what you had happen. It sounds the same since the hack we heard of only changed the front page to.
Our admin said the security hole was fixed with the 6.0 upgrade.
Does sound like the "guestbook" hack which has been fixed in 6.0. Happened to me as well and I clued in when I seen (in my Cpanel Error logs, so person only needs to check there) where there was an entry for "wget".
That's the only thing they can do/use with the "guestbook" hack and will usually upload an index file and/or image so they can have bragging rights.
Hello everyone,
We also had the same problem yesterday. Suddenly all our virtual servers index pages were changed to a funky page and we have left one in our server for preventing others. You may see tha page at: http://test.megapolis.biz. We dont know if the problem comes from guestbook but we found out a PHP SSH script in demo account! We just deleted the account.
Good luck,
Mashadi
cPanel.net Support Ticket Number: cPanel ID# 16994
Hello everyone,
We also had the same problem yesterday. Suddenly all our virtual servers index pages were changed to a funky page and we have left one in our server for preventing others. You may see tha page at: http://test.megapolis.biz. We dont know if the problem comes from guestbook but we found out a PHP SSH script in demo account! We just deleted the account.
Good luck,
Mashadi
cPanel.net Support Ticket Number: cPanel ID# 16994