The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Hack attempts on dedicated server ! What are the steps i can take

Discussion in 'Security' started by ANKUR KUMAR, Oct 28, 2012.

  1. ANKUR KUMAR

    ANKUR KUMAR Active Member

    Joined:
    Oct 28, 2012
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Hack attempt in linux centos server with Cpanel/WHM installed .

    The hacker is easly able to penetrate the server and make changes in account

    What are the steps i must take to tighten the security .

    I have firewall enabled .

    I have even blocked all IP to access ssh

    Changed default port ...

    changed permission for /bin/ln


    what else can be done .....?????????
     
    #1 ANKUR KUMAR, Oct 28, 2012
    Last edited: Oct 28, 2012
  2. ANKUR KUMAR

    ANKUR KUMAR Active Member

    Joined:
    Oct 28, 2012
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Re: Targeted Security Release 2012-05-31 Announcement

    Do your updated whm covers the access to user accounts . I am facing issues , people are able to access accounts without knowing login credentials
     
  3. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Re: Targeted Security Release 2012-05-31 Announcement

    Could you please provide more details on whether you mean cPanel login or email accounts or what precisely? The more specifics that can be provided, the faster we can try to assist.
     
  4. ANKUR KUMAR

    ANKUR KUMAR Active Member

    Joined:
    Oct 28, 2012
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Re: Targeted Security Release 2012-05-31 Announcement

    Actually hackers are able to enter inside the root , WHM , and almost every where . They can even create new accounts in WHM , upload false pay pal content in users accounts , and send emails in bulk to email IDs using my server .

    In short it is a phishing attack.

    To avoid this , i have taken the following step

    Updated my Kernal version

    CSF is enabled , virus scanner is enabled

    bin/ln perission is set to 600 / 400

    I have changed the regular port 22 to different ..

    most of the config.php file in domain hosted are set to permission 400



    I still dont get a solution ... Still facing issues . ..
     
  5. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,472
    Likes Received:
    200
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
  6. PlotHost

    PlotHost Well-Known Member

    Joined:
    Apr 29, 2011
    Messages:
    253
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    US
    cPanel Access Level:
    Root Administrator
    Twitter:
    Maybe they still have root access.
    Also you should install mod_security.
     
  7. ANKUR KUMAR

    ANKUR KUMAR Active Member

    Joined:
    Oct 28, 2012
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    India
    cPanel Access Level:
    Root Administrator
    See, i my data center is managing all . They have quality engineers but i am facing this issue on a new server installed .
    I am asking for the solution from a technical person , why this is happening with Canel and how can i over come it .

    I am not asking for any commercial solution . I run a web hosting firm and i just wished cpanel can clear why it is prone to attacks
    and what are ALL measures i should take to prevent this .
     
  8. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    We cannot provide any input when we haven't logged into the machine to see what is happening. The forums aren't the location to troubleshoot these types of issues. Submit a ticket so we can see what might be the cause.
     
  9. ANKUR KUMAR

    ANKUR KUMAR Active Member

    Joined:
    Oct 28, 2012
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    India
    cPanel Access Level:
    Root Administrator
    There are hell lots of things written over here
    10 Tips for making your cPanel and WHM servers more secure | cPanel, Inc.

    Instead of redirecting me , sales staff of cpanel is re directing me to system admins .

    Tristan and InfiPro , why so ?


    :(
     
  10. d'argo

    d'argo Active Member

    Joined:
    Jul 4, 2012
    Messages:
    36
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    if they have root access to the server you will want to reinstall. no way to know if you got them off if they had root.
     
  11. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,472
    Likes Received:
    200
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Server Security is the job of the System Administrator. That link you posted with "10 Tips" is help provided by cPanel to get you going in the right direction.

    If your server has been compromised, and you're unsure of your next steps, me advising you to seek the help of a professional is a valid suggestion I think. Tristan suggesting you open a ticket about this so that cPanel Technical Support, of which Tristan is a Technical Analyst III with cPanel, Inc. is also a valid suggestion, although if your server has been compromised, in the end you'll be looking for qualified System Administrator to get things sorted, if you need the assistance that is.

    I hope that helps explain things a bit more for you.
     
Loading...

Share This Page