The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Hacked Server

Discussion in 'Security' started by vaarsn, Aug 12, 2014.

  1. vaarsn

    vaarsn Registered

    Joined:
    Aug 12, 2014
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    My sites on the latest cPanel server being hacked from time-by-time. I had set and configured csf&lfd, also I had enabled today mod_userdir, disabled php functions:

    Code:
    apache_child_terminate,apache_setenv,define_syslog_variables,escapeshellarg,escapeshellcmd,eval,exec,fp,fput,ftp_connect,ftp_exec,ftp_get,ftp_login,ftp_nb_fput,ftp_put,ftp_raw,ftp_rawlist,highlight_file,ini_alter,ini_get_all,ini_restore,inject_code,mysql_pconnect,openlog,passthru,php_uname,phpAds_remoteInfo,phpAds_XmlRpc,phpAds_xmlrpcDecode,phpAds_xmlrpcEncode,popen,posix_getpwuid,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,posix_setuid,posix_uname,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,syslog,system,xmlrpc_entity_decode,phpinfo,show_source,symlink,dl
    But today few my sites were hacked again by exploit. I found that Apache 2 ITK MPM can be useful in such case. Can somebody tell me what I need to check?
     
    #1 vaarsn, Aug 12, 2014
    Last edited by a moderator: Aug 12, 2014
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    652
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    You could start by using the "Security Advisor" option in Web Host Manager. This will complete a basic check of your server to ensure some of the more common vulnerabilities are addressed. However, you likely should consult with a qualified system administrator to help determine the source of the exploit if you are not comfortable doing this on your own.

    Thank you.
     
  3. Mckenzielaa

    Mckenzielaa Member

    Joined:
    Jul 10, 2014
    Messages:
    11
    Likes Received:
    2
    Trophy Points:
    3
    cPanel Access Level:
    Root Administrator
    Recompile Apache to include sim link protection, but your best doing a fresh install if you have already been hacked. Change the server IP to.
     
  4. vaarsn

    vaarsn Registered

    Joined:
    Aug 12, 2014
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi Michael,

    I saw a lot of your posts here. Most of them was very helpful. But why your answer here so skimpy? :)
    As I said before, I had performed a lot and lot of actions to make my server more secure, I had installed a lot of extensions, I followed with Security Advisor suggestions etc. but my server is still unsecure. From I found, they used php shell script to perform penetration. I have one example of such script. Is there any way how can I check my server outside for holes? Maybe there is exist some free solutions?
     
  5. vaarsn

    vaarsn Registered

    Joined:
    Aug 12, 2014
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Thanks. I did it already. But I guess, IP changing and server's reinstallation won't help me. I need to find hole and destroy it.
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    652
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    It's difficult to pinpoint the specific vulnerability or exploit used by an attacker to hack your websites. One could speculate on common methods (e.g. symlink attack), but it really requires a qualified system administrator to investigate the logs on your server and determine the source of the attack. There is a thread here where a similar question is asked:

    Log Files To Check After Account Hacked

    Thank you.
     
  7. vaarsn

    vaarsn Registered

    Joined:
    Aug 12, 2014
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    652
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
Loading...

Share This Page