I am hacked?

Discussion in 'Security' started by 000, Oct 5, 2013.

  1. 000

    000 Well-Known Member

    Hi,

    Please see image 2.PNG. Is puck237.dedicatedpane connected to my server?
    Is 115.168.43.158 connected to my server?

    Or what is "ESTABLISHED"?

    I found this: http://www.blocklist.de/en/view.html?ip=85.25.242.234

    Thanks.
     
  2. Sys Admin

    Sys Admin Well-Known Member


    It looks like there is an automated ssh scanner on that host (or that server could be compromised) and it's trying to bruteforce or exploit randomly. You can check your /var/log/secure & messages log files to tell if that host was able to gain access to your server or not. It's recommended to tweak your sshd configs and consider changing your ssh port to something else other than the default 22.
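
The log check suggested above, as an added example that is not part of the original post: it counts failed and accepted sshd logins per source address and lists the addresses that have both. The sample lines are constructed, use documentation addresses, and assume the traditional OpenSSH syslog format found in /var/log/secure.

```shell
#!/bin/sh
# Added example: per-source summary of sshd authentication results.
# Assumes "Mon DD HH:MM:SS host sshd[pid]: ..." lines as in /var/log/secure.

# Print "IP failed=N accepted=M" for every source address in log file $1.
ssh_auth_summary() {
    awk '
    $5 ~ /^sshd\[[0-9]+\]:$/ && ($6 == "Failed" || $6 == "Accepted") {
        # Take the last "from <addr> port" triple: user names are chosen
        # by the remote side and may themselves contain the word "from".
        ip = ""
        for (i = 1; i <= NF - 2; i++)
            if ($i == "from" && $(i + 2) == "port") ip = $(i + 1)
        if (ip == "") next
        seen[ip] = 1
        if ($6 == "Accepted") accepted[ip]++
        else failed[ip]++
    }
    END {
        for (ip in seen)
            printf "%s failed=%d accepted=%d\n", ip, failed[ip], accepted[ip]
    }' "$1" | sort
}

# Print addresses that have failures AND at least one accepted login:
# the ones to look at first after a brute-force run.
ssh_fail_then_accept() {
    ssh_auth_summary "$1" |
        awk '{ split($2, f, "="); split($3, a, "=")
               if (f[2] > 0 && a[2] > 0) print $1 }'
}

# Constructed sample log (documentation addresses, not taken from the thread).
write_sample_log() {
    cat > "$1" <<'EOF'
Oct  5 03:12:01 host sshd[7001]: Failed password for root from 198.51.100.7 port 51234 ssh2
Oct  5 03:12:03 host sshd[7001]: Failed password for invalid user admin from 198.51.100.7 port 51240 ssh2
Oct  5 03:12:06 host sshd[7002]: Failed password for invalid user from from 198.51.100.7 port 51244 ssh2
Oct  5 04:00:10 host sshd[7100]: Failed password for root from 203.0.113.10 port 40020 ssh2
Oct  5 04:00:15 host sshd[7100]: Accepted password for root from 203.0.113.10 port 40022 ssh2
Oct  5 04:01:00 host sshd[7100]: pam_unix(sshd:session): session opened for user root by (uid=0)
EOF
}

log=$(mktemp)
write_sample_log "$log"
ssh_auth_summary "$log"
echo "investigate: $(ssh_fail_then_accept "$log")"
rm -f "$log"
```

On a live server, pass /var/log/secure (and its rotated copies) instead of the sample file. An address printed by ssh_fail_then_accept is a lead to check against known admin logins, not proof of compromise.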
     
  3. 000

    000 Well-Known Member


    Thanks.
    My host?
    The remote host?
     
  4. Aaron.Edwards

    Aaron.Edwards Active Member


    Hi,

    From your screenshot, I can see that your server has been connected to through ssh from the following locations.

    1. puck237.dedicatedpane with process id: 22223 (on your server)

    2. 115.168.43.158 with process id: 7464

    If the above ssh access is unauthorized access to your server, I suggest you secure and harden your server. If the above-mentioned process ids are still in place, try with,

    # cat /proc/22223/environ

    # cat /proc/7464/environ
     
  5. 24x7server

    24x7server Well-Known Member


    Hello,

    I suggest you disable all user shell access and change your ssh port. Also secure your server and run RKHunter and maldet (LMD) scans on your server.
     
  6. Viborahost

    Viborahost Registered

    I strongly suggest you install ConfigServer Security Firewall along with Mod_Security. I am not trying to pimp it; I happened to be getting port scanned off the map until I figured out how to use ConfigServer.

    Installation:
    rm -fv csf.tgz
    wget http://www.configserver.com/free/csf.tgz
    tar -xzf csf.tgz
    cd csf
    sh install.sh

    Later go to whm Plugins
    configserver

    Now you need to configure it. It takes about an hour to get through everything correctly the first time around. It will guide you on how to create a very secure environment, and it is 100% free to use.
     
    #6 Viborahost, Oct 6, 2013
    Last edited by a moderator: Oct 6, 2013