Increase security to prevent hacking?

Motamedi

Well-Known Member
Mar 14, 2015
81
0
56
Iran , Tehran
cPanel Access Level
Root Administrator
hello

Unfortunately, all I cPanel servers Was hacked by a hacker

/etc/passwd
/etc/shadow
/etc/group
/etc/gshadow

by shell , change the root user and the server hacked
what to do to hackers
cPanel servers can not hack it?
how is the performance of the server to be loose?

im disable this functions
ir_a_bajo,disk_free_space,disk_total_space,php_uname,symlink,shell_exec,exec,proc_close,proc_open,popen,pclose,system,dl,passthru,escapeshellarg,escapeshellcmd,readfile,posix_access,posix_ctermid,posix_errno,posix_get_last_error,posix_getcwd,posix_getegid,posix_geteuid,posix_getgid,posix_getgrgid,posix_getgrnam,posix_getgroups,posix_getlogin,posix_getpgid,posix_getpgrp,posix_getpid,posix_getppid,posix_getpwnam,posix_getpwuid,posix_getrlimit,posix_getsid,posix_getuid,posix_initgroups,posix_isatty,posix_kill,posix_mkfifo,posix_mknod,posix_setegid,posix_seteuid,posix_setgid,posix_setpgid,posix_setsid,posix_setuid,posix_strerror,posix_times,posix_ttyname,posix_uname
but you can not be with the front shell

please help me for increase security and prevent hacking

thanks
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,243
463
Hello,

It's difficult to pinpoint the specific vulnerability or exploit used by an attacker to hack your server or websites. One could speculate on common methods (e.g. symlink attack), but it really requires a qualified system administrator to investigate the logs on your server and determine the source of the attack. There is a thread here where a similar question is asked:

Log Files To Check After Account Hacked

As far as security going forward after you have reinstalled the OS and cPanel and restored the accounts, the following document is a good place to start:

Security - cPanel Knowledge Base - cPanel Documentation

Thank you.