Got a Hack.... need to view log files

Johnnie Nelke

Active Member
Jan 9, 2003
37
0
156
USA
We seem to have a hack on a server. He is just defacing some web site index pages for now. Any advice on where I can go in the system to view the log files to perhaps find any info? Has anyone else been through this and do you have any advice?
 

WebHostPro

Well-Known Member
PartnerNOC
Jul 28, 2002
1,723
27
328
LA, Costa RIca
cPanel Access Level
Root Administrator
Twitter
Yes we had the same hack happen a couple days ago,

Black background red writing, I heard it was done to several hosting companies at random. Not sure if this is what you had happen. It sounds the same since the hack we heard of only changed the front page to.

Our admin said the security hole was fixed with the 6.0 upgrade.
 

Website Rob

Well-Known Member
Mar 23, 2002
1,504
1
318
Alberta, Canada
cPanel Access Level
Root Administrator
Does sound like the "guestbook" hack which has been fixed in 6.0. Happened to me as well and I clued in when I seen (in my Cpanel Error logs, so person only needs to check there) where there was an entry for "wget".

That's the only thing they can do/use with the "guestbook" hack and will usually upload an index file and/or image so they can have bragging rights. :)
 

Johnnie Nelke

Active Member
Jan 9, 2003
37
0
156
USA
Thanks for the ideas....... I appreciate the replies. Hopefully this will help.
 

megapolis

Member
Feb 22, 2003
6
0
151
Got a Hack.... index.html

Hello everyone,
We also had the same problem yesterday. Suddenly all our virtual servers index pages were changed to a funky page and we have left one in our server for preventing others. You may see tha page at: http://test.megapolis.biz. We dont know if the problem comes from guestbook but we found out a PHP SSH script in demo account! We just deleted the account.

Good luck,
Mashadi

cPanel.net Support Ticket Number: cPanel ID# 16994
 

megapolis

Member
Feb 22, 2003
6
0
151
Got a Hack.... index.html

Hello everyone,
We also had the same problem yesterday. Suddenly all our virtual servers index pages were changed to a funky page and we have left one in our server for preventing others. You may see tha page at: http://test.megapolis.biz. We dont know if the problem comes from guestbook but we found out a PHP SSH script in demo account! We just deleted the account.

Good luck,
Mashadi

cPanel.net Support Ticket Number: cPanel ID# 16994