The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How to secure websites from hackers?

Discussion in 'Security' started by mgbhosting, Apr 28, 2011.

  1. mgbhosting

    mgbhosting Member

    Joined:
    Oct 23, 2009
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    1
    My customer website was hacked by some hacker. Only a main page with some arabic words.
    Do you know how can i prevent this kind of issues?
    Thanks
     
  2. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Do you know how the account was hacked? If you do not know how it was hacked, it isn't possible to know how to prevent it.

    Next, what script(s) was the user using? Were all of those scripts up-to-date?

    Did you check the domain's domlogs to see what activity existed on the account?

    Normally, accounts are attacked via a security hole in a PHP script that allows passing commands without sanitizing them. If you have register_globals set to "on" for your /usr/local/lib/php.ini (or a custom php.ini on the customer's account), this could pose a high security risk to allow such an issue to happen.

    Until we know the exact method for the attack, it isn't possible to provide specific suggestions on how to reduce the future likelihood for it to occur again.
     
  3. tank

    tank Well-Known Member

    Joined:
    Apr 12, 2011
    Messages:
    236
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Chicago, IL
    cPanel Access Level:
    Root Administrator
    ON top of that what kind of security are your running on your server, do you have a firewall etc.
     
  4. nobodyk

    nobodyk Well-Known Member

    Joined:
    Aug 1, 2010
    Messages:
    90
    Likes Received:
    0
    Trophy Points:
    6
    Most of the time it's just bad permissions. Make sure you set permissions to 755 instead of 777 on folders.
     
  5. mgbhosting

    mgbhosting Member

    Joined:
    Oct 23, 2009
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    1
    solved guys. The problem was the ssh configuration. i had to bring a security administrator. Thanks anyway.
     
Loading...

Share This Page