1. Get a decent security specialist to review the server to get a good idea what has been done to you and how they did it. 2. Either have your data center transfer reload the machine's operating system totally from scratch and then reload all your accounts from backup after the server has been properly setup and secured. (OR) Buy a new server machine (I can help you there too) and restore the unhacked backups of your customer sites on the new server after it has been properly setup and secured. 3. Have the security on your server audited again to make sure you really are in fact secured and safe from a possible repeat of what happened.
all my websites has been hacked ,
all the index pages chaged for more that 90 % of my sites. how can i avoid that
my Linux is CentOS
can anyone help me????
Mcafee virusscan will likey tell you the name of the virus/script - you can google for iframe and that nameThey just have a regular iframe code in the top of the index file.
What about sites that don't have frontpage extensions installed?
Are you sure there currently is a vulnerability in CPanel's frontpage extensions? If so, shouldn't you report this to CPanel?you can try grepping other accounts for unique code in the iframe to see how many files in how many accounts were affected - as I understand it the frontpage exploit can give them a great deal of access to htm files on the server
Its not cpanels frontpage extensions - its Microsoft's - Microsoft stopped supporting them. I dont know of anyone that has taken over the updating of them. Since I dont think the extensions are open source its unlikely that anyone can or will ....Are you sure there currently is a vulnerability in CPanel's frontpage extensions? If so, shouldn't you report this to CPanel?
I thought even though they are EOL, CPanel is still maintaining them (thus fixing security issues).
if you recompile without the extensions in Apache then the extensions will stop working, but I would still remove them from the accounts - I bet there is a command line that will do it quickly I just dont know what it isAnd if I am sure nobody ever used FrontPage extensions on my server, it is enough to recompile Apache without FrontPage module?