Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

got my cpanel vps chacked today, anyone can helps?

Discussion in 'Security' started by ronanc, May 30, 2014.

  1. ronanc

    ronanc Registered

    Joined:
    May 15, 2013
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi guys, after a long time my vps was chacked today, andd i dont know how

    i received this emails on my admin mails

    Time: Fri May 30 22:19:41 2014 -0300

    Reported Modifications:

    New account [rs] has been created with uid:[546] gid:[557] login:[/home/rs] shell:[/usr/local/cpanel/bin/noshell]

    Time: Fri May 30 21:50:38 2014 -0300

    Reported Modifications:

    New account [wh] has been created with uid:[545] gid:[556] login:[/home/wh] shell:[/usr/local/cpanel/bin/noshell]


    Time: Fri May 30 21:54:38 2014 -0300

    Reported Modifications:

    Account [wh] login shell has changed from [/usr/local/cpanel/bin/noshell] to [/bin/bash]


    Time: Fri May 30 22:25:41 2014 -0300

    Reported Modifications:

    New account [whm] has been created with uid:[547] gid:[558] login:[/home/whm] shell:[/usr/local/cpanel/bin/noshell]



    Any one can help to understand what this changes do?

    After see this i power down the vps!

    How can i revert this changes ???

    Can cpanel crew get acess to the server and helps me???

    thanks
     
    #1 ronanc, May 30, 2014
  2. 24x7server

    24x7server Well-Known Member

    Joined:
    Apr 17, 2013
    Messages:
    1,858
    Likes Received:
    89
    Trophy Points:
    78
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Hello,

    First of all change your root password of your VPS and deleted the all unwanted account which are created on your server. Also disable the all shell access of your cPanel user. And try to scan your server through LMD and Clamscan
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 24x7server, May 31, 2014
  3. cPanelPeter

    cPanelPeter Technical Analyst III
    Staff Member

    Joined:
    Sep 23, 2013
    Messages:
    575
    Likes Received:
    20
    Trophy Points:
    93
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    If your server is root compromised, then the only solution is to reload the operating system, re-install cPanel and restore from backups. There is no guarantee that you will clear out all possible entry points that the hacker may have already put in place.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #3 cPanelPeter, Jun 1, 2014
(You must log in or sign up to post here.)
Loading...
Similar Threads - cpanel chacked today
  1. speckados

    New Thread Understanding the cPanel and Webmail access logs

    speckados, Sep 20, 2018 at 9:43 AM, in forum: General Discussion
    Replies:
    0
    Views:
    0
    speckados
    Sep 20, 2018 at 9:43 AM
  2. Elizabeta

    New Thread POP3 protocols on cPanel

    Elizabeta, Sep 20, 2018 at 8:13 AM, in forum: General Discussion
    Replies:
    1
    Views:
    9
    Elizabeta
    Sep 20, 2018 at 8:24 AM
  3. Matthew Utzig

    How do I include a php file on a different cpanel account?

    Matthew Utzig, Sep 19, 2018 at 5:50 PM, in forum: cPanel Developers
    Replies:
    1
    Views:
    24
    cPanelMichael
    Sep 19, 2018 at 6:33 PM
  4. cPanelJackson

    cPanel TSR-2018-0005 Full Disclosure

    cPanelJackson, Sep 18, 2018 at 2:35 PM, in forum: cPanel Announcements
    Replies:
    0
    Views:
    67
    cPanelJackson
    Sep 18, 2018 at 2:35 PM
  5. PeteS

    cPanel loops back to login screen

    PeteS, Sep 18, 2018 at 4:00 AM, in forum: General Discussion
    Replies:
    9
    Views:
    72
    cPanelLauren
    Sep 20, 2018 at 8:03 AM

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice