The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Hacker?? Need help

Discussion in 'General Discussion' started by ChipW, Jun 8, 2007.

  1. ChipW

    ChipW Registered

    Joined:
    Mar 15, 2006
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    I have an issue with one customer that claims that he was hacked.... Entire site deleted... This is a game clan using PHPNuke....

    The problem now is that the MYSQL server is continually going down which is causing server wide problems.... The owner of this site found a chat log of someone saying they are using mysql exploits....

    My question is, how do I find out if this is what is bringing me down.... What do I look for in the logs and what logs do I even look in?

    I am a total n00b to this kind of thing...

    Any help would be great.... I took this customer's site down for the moment to see if the problem stops and have changed my server and mysql root passwords..

    WHM 10.8.0 cPanel 10.9.0-S13517
    RedHat Enterprise 3 i686 - WHM X v3.1.0

    ConfigServer Security & Firewall - csf v2.51
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,453
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:

    That's a good start of course. Another step might be to not allow them on your server to begin with. You wouldn't be the first server to ban the nukes.

    This is a great tool to have installed. http://www.logview.org/
    Giving you access to lots of logs to poke thru real easy.

    Keep the site suspended till you figure it out. ;)
     
  3. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    Have you got remote access to mysql allowed? If so, I'd disable it. Also recommend upgrading csf to be the latest with shell command "csf -u" or from the WHM interface.

    phpnuke has a lousy security reputation, from what I hear ...
     
  4. nilesh_kolte

    nilesh_kolte Well-Known Member

    Joined:
    Apr 13, 2006
    Messages:
    65
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Pune ,India
    cPanel Access Level:
    Root Administrator
Loading...

Share This Page