Frankc

Somebody seems to be able to hack into a cPanel server with relatively strong security (managed by platinumservermanagement.com).

Seems like an Islamic hacker that overwrote all the config.php and other config files for several programs such as Invision Board etc.

Anyone experienced the same?
 

ramprage

I haven't seen this before, are you sure that the server management company was doing a good job in keeping the system secure? I've seen management companies not even have a firewall or mod_security installed before after clients were using them for months....
 

Spiral

ramprage said:
I haven't seen this before, are you sure that the server management company was doing a good job in keeping the system secure? I've seen management companies not even have a firewall or mod_security installed before after clients were using them for months....
I'll second that comment and add a few additional words ...

My profession 1st and foremost is that of a server security specialist and you would
not believe how many times I've found new client servers completely insecure,
nothing configured, and pretty much in a default "out of the box" state only
for the client to tell me that they had previously hired some management company
to fully manage their servers and had supposedly "secured" the server for them.

Upon closer examination, I find that most management companies either never
logged in and just get paid for nothing whatsoever or just simply log in to view the
server logs daily and nothing more ...

... Ironically, many of those actually telling the clients they secured the server !!!

Even more frightening to learn is that I have actually run into companies touting
themselves as professional server management companies only to find out that
everyone at those companies doesn't have the slightest clue what they are doing
and know even less about servers than the client who hired them!

There are a few rare ones that actually do their job but the vast majority of
so-called management companies out there do absolutely nothing other than
just take the client's money and nothing more!

Don't count on your server being secure just because you got someone
or some company out there to manage it for you. It's probably not.

FrankC said:
Somebody seems to be able to hack into a cPanel server with relatively strong security (managed by platinumservermanagement.com).
Now, with your mentioning of a possible security breach, I would be willing to take
a good hard look at your server free of charge to see what is going on and
determine what vulnerabilities your server has and let you know what has
and hasn't been secured on your server if you would like for me to
examine your server for you.
 

Frankc

Sorry for answering only now, but you will perhaps have sympathy with me. haha (It's actually a cry)

I can send you one config file that was hacked. I suspect that it is insecure scripts, but the rest is gone, as in gone.

(By the way, I have already been in the server environment for several years. I started to use www.platinumservermanagement.com, which I have known for some time and used before, again recently as I struggle to get the time for everything. I checked and there is not much more that could be done.)

Anyway. What happened is that I suspected the damn hacker was still on the server, busy causing havoc (I have 200 sites with an identical script), so my first thought was to stop the hacker by forcefully rebooting the server and then changing all config.php and similar files to read-only. (The problem is that most of them need write permissions to work with the script.)

After the reboot, everything was gone. Techs at the datacenter said they cannot access the server to restore the data. http://ukwebsolutionsdirect.co.uk

750 domains on the server. Only backups for 30% of them.
 

Frankc

By the way, I spent almost 3 days last weekend updating each and every password on the server to at least 80 bits for accounts and 128 bits for reseller and other accounts.
 

Spiral

You need to stop with the restore, freeze everything, and let me take a look at it right now ...

Making a lot of system changes and restoring accounts can make it more difficult
to see what is going on and subsequently harder to close the security hole.

Not to mention, I want to see these "identical scripts" you are talking about ;)
 
