The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Got a Hack.... need to view log files

Discussion in 'General Discussion' started by Johnnie Nelke, Mar 1, 2003.

  1. Johnnie Nelke

    Johnnie Nelke Active Member

    Joined:
    Jan 9, 2003
    Messages:
    37
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    USA
    We seem to have a hack on a server. He is just defacing some web site index pages for now. Any advice on where I can go in the system to view the log files to perhaps find any info? Has anyone else been through this and do you have any advice?
     
  2. DWHS.net

    DWHS.net Well-Known Member
    PartnerNOC

    Joined:
    Jul 28, 2002
    Messages:
    1,569
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    LA, Costa RIca
    cPanel Access Level:
    Root Administrator
    Yes we had the same hack happen a couple days ago,

    Black background red writing, I heard it was done to several hosting companies at random. Not sure if this is what you had happen. It sounds the same since the hack we heard of only changed the front page to.

    Our admin said the security hole was fixed with the 6.0 upgrade.
     
  3. Website Rob

    Website Rob Well-Known Member

    Joined:
    Mar 23, 2002
    Messages:
    1,506
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    Alberta, Canada
    cPanel Access Level:
    Root Administrator
    Does sound like the "guestbook" hack which has been fixed in 6.0. Happened to me as well and I clued in when I seen (in my Cpanel Error logs, so person only needs to check there) where there was an entry for "wget".

    That's the only thing they can do/use with the "guestbook" hack and will usually upload an index file and/or image so they can have bragging rights. :)
     
  4. Johnnie Nelke

    Johnnie Nelke Active Member

    Joined:
    Jan 9, 2003
    Messages:
    37
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    USA
    Thanks for the ideas....... I appreciate the replies. Hopefully this will help.
     
  5. megapolis

    megapolis Member

    Joined:
    Feb 22, 2003
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Got a Hack.... index.html

    Hello everyone,
    We also had the same problem yesterday. Suddenly all our virtual servers index pages were changed to a funky page and we have left one in our server for preventing others. You may see tha page at: http://test.megapolis.biz. We dont know if the problem comes from guestbook but we found out a PHP SSH script in demo account! We just deleted the account.

    Good luck,
    Mashadi

    cPanel.net Support Ticket Number: cPanel ID# 16994
     
  6. megapolis

    megapolis Member

    Joined:
    Feb 22, 2003
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Got a Hack.... index.html

    Hello everyone,
    We also had the same problem yesterday. Suddenly all our virtual servers index pages were changed to a funky page and we have left one in our server for preventing others. You may see tha page at: http://test.megapolis.biz. We dont know if the problem comes from guestbook but we found out a PHP SSH script in demo account! We just deleted the account.

    Good luck,
    Mashadi

    cPanel.net Support Ticket Number: cPanel ID# 16994
     
Loading...

Share This Page