The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

I've been hacked!

Discussion in 'General Discussion' started by EchoHost, Sep 6, 2004.

  1. EchoHost

    EchoHost Well-Known Member

    Joined:
    Jul 27, 2003
    Messages:
    52
    Likes Received:
    0
    Trophy Points:
    6
    I went to my site today to find this




    This site is Hacked

    By

    sOoFaA & BooB11


    Sorry Admin Nothing !!!

    Was Deleted i Hacked This Site For Many Reasons Cuz Im Muslim
    And You Killled Our Sons And Our Families
    So Thats Why We'r Fighting And Hacking
    On Your Net's SO Leave Us Alone Then We'll Think To Leave You Alone All You Mother Fucker Israel And
    American People
    And Government .....







    I thoght i'd be safer with cpanel? Any idea how i can prevent this in the future or how they did this? All my files and everything is still on the server.. I have no idea how they did this.


    It's a tempalte run site and I just noticed that they got access to my MySQL where they changed the index tempalte to show this. any ideas?
     
    #1 EchoHost, Sep 6, 2004
    Last edited: Sep 6, 2004
  2. sawbuck

    sawbuck Well-Known Member

    Joined:
    Jan 18, 2004
    Messages:
    1,367
    Likes Received:
    5
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    In WHM from MySQL Root Password option: "By default, no mysql root password is set"
    If you didn't have it set might be a good place to start.
    Are you running any firewall?
    There are many ways to secure your setup. Might be worth your while to hire someone.
     
  3. EchoHost

    EchoHost Well-Known Member

    Joined:
    Jul 27, 2003
    Messages:
    52
    Likes Received:
    0
    Trophy Points:
    6
    I have apf installed and there is a mysql root password. (i put that root/password) in the conf file for the database usage. thing he got in through that?
     
  4. haze

    haze Well-Known Member

    Joined:
    Dec 21, 2001
    Messages:
    1,550
    Likes Received:
    3
    Trophy Points:
    38
    Having cpanel installed is no substitution for a knowledged system admin.
     
  5. ramprage

    ramprage Well-Known Member

    Joined:
    Jul 21, 2002
    Messages:
    667
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Canada
    You may have an exploitable kernel or service running on your system and possibly have had a rootkit installed by the culprit. I would run a copy of rkhunter and chkrootkit and hire a professional to assist you.
     
  6. AbeFroman

    AbeFroman BANNED

    Joined:
    Feb 16, 2002
    Messages:
    654
    Likes Received:
    1
    Trophy Points:
    0
    Type
    uname -r
    let me know the output
     
  7. soundlib

    soundlib Member

    Joined:
    Sep 6, 2004
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Do you allow Telnet of SSH access into your system?
    If yes, you may want to not allow SSH or telnet.
     
  8. AbeFroman

    AbeFroman BANNED

    Joined:
    Feb 16, 2002
    Messages:
    654
    Likes Received:
    1
    Trophy Points:
    0
    Type
    netstat -lntp
    paste the results here
     
  9. isputra

    isputra Well-Known Member

    Joined:
    May 3, 2003
    Messages:
    576
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Mbelitar
    yesterday i check on my "tmp" and i find this :

    ls -alR /var/tmp
    drwxrwxrwt 2 root root 4096 Sep 6 16:42 ./
    drwxr-xr-x 23 root root 4096 Sep 6 20:02 ../
    -rwsrwsrwt 1 nobody nobody 31361 Aug 21 02:34 bot.zip*
    -rw-r--r-- 1 nobody nobody 31361 Aug 21 01:44 bot.zip.1
    -rw-r--r-- 1 nobody nobody 26 Sep 2 12:13 bs.pl
    -rwxrwxrwx 1 nobody nobody 17032 Jul 18 17:16 cgi*
    -rw-r--r-- 1 nobody nobody 17032 Jul 18 17:16 cgi.1
    -rw-r--r-- 1 nobody nobody 729 Jul 30 22:42 dc.pl
    -rwxrwxrwx 1 nobody nobody 0 Aug 23 08:07 j*

    Apache always failed and back online when restart it but only for a minute will fail again.

    Thanks for chirpy that he help me to repair it and now my apache "up" again.

    From this maybe you must have sysadmin to look at your server and make your server more secure. I recommend "chirpy" for this or you can search other that can help you.
     
  10. RAIS2

    RAIS2 Well-Known Member

    Joined:
    Jul 16, 2004
    Messages:
    186
    Likes Received:
    0
    Trophy Points:
    16
    NO SERVER is SECURE. I once read on these very forums that the only server that is secure is the on that is not turned on!
     
  11. StevenC

    StevenC Well-Known Member

    Joined:
    Jan 1, 2004
    Messages:
    254
    Likes Received:
    0
    Trophy Points:
    16
    You can not secure a server 100% but you can increase the security of a server by setting many layers.
     
  12. SageBrian

    SageBrian Well-Known Member

    Joined:
    Jun 1, 2002
    Messages:
    415
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    NY/CT (US)
    cPanel Access Level:
    Root Administrator
    I've seen this a couple of times. It looked like they got in through known holes in different forum software. I've seen it with vBulletin, and a couple others. Check to make sure that your scripts are all updated. There have been several 'patches' recently to address these issues, at the individual sites.

    Cpanel may or may not have the most up-to-date scripts ready for install, but it does NOT automatically install updates for individual scripts and forums, etc.
     
  13. AbeFroman

    AbeFroman BANNED

    Joined:
    Feb 16, 2002
    Messages:
    654
    Likes Received:
    1
    Trophy Points:
    0
     
  14. gorilla

    gorilla Well-Known Member

    Joined:
    Feb 3, 2004
    Messages:
    699
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Sydney / Australia
    what other php mysql scripts have you got running ?
     
  15. denisdekat09

    denisdekat09 Well-Known Member

    Joined:
    Mar 2, 2002
    Messages:
    265
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    San Francisco
Loading...

Share This Page