ChipW

I have an issue with one customer that claims that he was hacked.... Entire site deleted... This is a game clan using PHPNuke....

The problem now is that the MySQL server is continually going down which is causing server wide problems.... The owner of this site found a chat log of someone saying they are using mysql exploits....

My question is, how do I find out if this is what is bringing me down.... What do I look for in the logs and what logs do I even look in?

I am a total n00b to this kind of thing...

Any help would be great.... I took this customer's site down for the moment to see if the problem stops and have changed my server and mysql root passwords..

WHM 10.8.0 cPanel 10.9.0-S13517
RedHat Enterprise 3 i686 - WHM X v3.1.0

ConfigServer Security & Firewall - csf v2.51
 

Infopro

> Any help would be great.... I took this customer's site down for the moment to see if the problem stops and have changed my server and mysql root passwords..
>
> WHM 10.8.0 cPanel 10.9.0-S13517
> RedHat Enterprise 3 i686 - WHM X v3.1.0
>
> ConfigServer Security & Firewall - csf v2.51

That's a good start of course. Another step might be to not allow them on your server to begin with. You wouldn't be the first server to ban the nukes.

This is a great tool to have installed. http://www.logview.org/
Giving you access to lots of logs to poke thru real easy.

Keep the site suspended till you figure it out. ;)
 

brianoz

Have you got remote access to MySQL allowed? If so, I'd disable it. I'd also recommend upgrading csf to the latest version with the shell command "csf -u" or from the WHM interface.

phpnuke has a lousy security reputation, from what I hear ...
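
An added example, not part of any post above: one way to check from the MySQL configuration whether the server accepts network connections at all, which is the setting the last reply suggests disabling. The function name `mysql_listen_scope` is hypothetical, and the usual RedHat path `/etc/my.cnf` is an assumption; `skip-networking` and `bind-address` are the standard MySQL options.

```shell
#!/bin/sh
# Added example: classify a my.cnf as local-only or network-reachable.
# Only the [mysqld] section is read. Usage: mysql_listen_scope /etc/my.cnf

mysql_listen_scope() {
    cnf="$1"
    [ -r "$cnf" ] || { echo "unreadable"; return 2; }
    awk '
        /^[ \t]*[#;]/ { next }                    # whole-line comments
        /^[ \t]*\[/ {                             # section header, e.g. [mysqld]
            s = $0
            sub(/^[ \t]*\[/, "", s); sub(/\].*$/, "", s); gsub(/[ \t]/, "", s)
            in_mysqld = (tolower(s) == "mysqld")
            next
        }
        !in_mysqld { next }                       # ignore [client], [mysql], ...
        {
            line = $0
            sub(/[ \t]*#.*$/, "", line)           # trailing comment
            n = index(line, "=")
            if (n) { key = substr(line, 1, n - 1); val = substr(line, n + 1) }
            else   { key = line; val = "" }
            gsub(/[ \t]/, "", key); gsub(/[ \t"]/, "", val)
            gsub(/_/, "-", key); key = tolower(key)   # skip_networking == skip-networking
            if (key == "skip-networking") skipnet = (val != "0" && tolower(val) != "off")
            if (key == "bind-address")    bind = val
        }
        END {
            if (skipnet)
                print "local-only (skip-networking)"
            else if (bind == "127.0.0.1" || bind == "::1" || bind == "localhost")
                print "local-only (bind-address " bind ")"
            else if (bind == "")
                print "remote-reachable (no bind-address; listens on all interfaces)"
            else
                print "remote-reachable (bind-address " bind ")"
        }
    ' "$cnf"
}
```

This reports only what mysqld is configured to do; a firewall such as csf may still block port 3306 from outside, and the setting takes effect only after MySQL is restarted.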