Hacking of config files

Discussion in 'General Discussion' started by Frankc, Apr 11, 2007.

  1. Frankc

    Frankc Well-Known Member

    Somebody seems to be able to hack into a cPanel server with relatively strong security (managed by platinumservermanagement.com).

    Seems like an Islamic hacker that overwrote all the config.php and other config files for several programs such as Invision Board etc.

    Anyone experienced the same?
     
  2. ramprage

    ramprage Well-Known Member

    I haven't seen this before, are you sure that the server management company was doing a good job in keeping the system secure? I've seen management companies not even have a firewall or mod_security installed before after clients were using them for months....
     
  4. Spiral

    Spiral BANNED

    I'll second that comment and add a few additional words ...

    My profession 1st and foremost is that of a server security specialist and you would
    not believe how many times I've found new client servers completely insecure,
    nothing configured, and pretty much in a default "out of the box" state only
    for the client to tell me that they had previously hired some management company
    to fully manage their servers and had supposedly "secured" the server for them.

    Upon closer examination, I find that most management companies either never
    logged in and just get paid for nothing whatsoever or just simply log in to view the
    server logs daily and nothing more ...

    ... Ironically, many of those actually telling the clients they secured the server !!!

    Even more frightening to learn is that I have actually run into companies touting
    themselves as professional server management companies only to find out that
    everyone at those companies doesn't have the slightest clue what they are doing
    and know even less about servers than the client who hired them!

    There are a few rare ones that actually do their job but the vast majority of so
    called management companies out there do absolutely nothing other than
    just take the client's money and nothing more!

    Don't count on your server being secure just because you got someone
    or some company out there to manage it for you. It's probably not.

    Now, with your mentioning of a possible security breach, I would be willing to take
    a good hard look at your server free of charge to see what is going on and
    determine what vulnerabilities your server has and let you know what has
    and hasn't been secured on your server if you would like for me to
    examine your server for you.
     
    #4 Spiral, Apr 11, 2007
    Last edited: Apr 11, 2007
  5. Frankc

    Frankc Well-Known Member

    Sorry for answering only now, but you will perhaps have sympathy with me. haha (It's actually a cry)

    I can send you one config file that was hacked. I suspect that it is insecure scripts, but the rest is gone, as in gone.

    (By the way, I have already been in the server environment for several years. I started to use www.platinumservermanagement.com, which I have known for some time and used before, again recently, as I struggle to get the time for everything. I checked and there is not much more that could be done.)

    Anyway. What happened is that I suspected the damn hacker was still on the server, busy causing havoc (I have 200 sites with an identical script), so my first thought was to stop the hacker by forcefully rebooting the server and then changing all config.php and such files to read only. (Problem is, most of them need write permissions to work with the script.)

    After reboot, everything was gone. Techs at datacenter said they cannot access the server to restore the data. http://ukwebsolutionsdirect.co.uk

    750 domains on the server. Only backups for 30% of them.
     
  6. Frankc

    Frankc Well-Known Member

    By the way, I spent almost 3 days last weekend updating each and every password on the server to at least 80 bits for accounts and 128 bits for reseller and other accounts.
     
  7. Spiral

    Spiral BANNED

    You need to stop with the restore, freeze everything, and let me take a look at it right now ...

    Making a lot of system changes and restoring accounts can make it more difficult
    to see what is going on and subsequently harder to close the security hole.

    Not to mention, I want to see these "identical scripts" you are talking about ;)
     
  8. Murtaza_t

    Murtaza_t Well-Known Member

    Spiral is correct... restoring a server at this point would be like throwing bags of water on a thief's footprints.
     