The Community Forums


How do I get rid of this hack page?

Discussion in 'General Discussion' started by certify, Nov 29, 2004.

  1. certify

    certify Active Member

    Somebody hacked the page some time ago when the box was still fresh and unoccupied.

    http://64.191.12.109
     
  2. dalem

    dalem Well-Known Member
    PartnerNOC

    edit /usr/local/apache/htdocs/index.html
     
  3. Specks

    Specks Well-Known Member

    Owned huh?

    First of all, when a server gets owned they usually install a rootkit just in case you change the passwords and try to harden the server. You will do that, right? Right? So I don't think that this is the last time you'll hear from this one. If you haven't started using the server yet and you have no accounts and clients being served from it, then blow it away and reinstall everything. It may take time to redo everything, but it will cost you more if this guy decides to come back and play with you again. You could lose customers, and losing customers means losing money. Make sure you get a firewall.

    Just my two bits.

    Specks
     
  4. damainman

    damainman Well-Known Member

    How did he get in?
     
  5. EdRooney

    EdRooney BANNED

    He said he didn't put a rootkit up, he just edited the logs.

    Upgrade your kernel ASAP!

    You can get a rootkit checker at:
    http://www.rootkit.nl/

    Please PM me your root password and I will do a quick security audit.
     
  6. Specks

    Specks Well-Known Member

    You would trust what a person says after he cracked your server? I wouldn't.
     
  7. djmerlyn

    djmerlyn Well-Known Member

    Perhaps social engineering according to the page, or BFD wasn't installed yet :(

    That server should be wiped soon, or at least unplugged from the internet until you know it's clean... hope it's not contagious~
     
    #7 djmerlyn, Nov 30, 2004
    Last edited: Nov 30, 2004