EchoHost

Well-Known Member
Jul 27, 2003
I went to my site today to find this




This site is Hacked

By

sOoFaA & BooB11


Sorry Admin Nothing !!!

Was Deleted i Hacked This Site For Many Reasons Cuz Im Muslim
And You Killled Our Sons And Our Families
So Thats Why We'r Fighting And Hacking
On Your Net's SO Leave Us Alone Then We'll Think To Leave You Alone All You Mother Fucker Israel And
American People
And Government .....







I thought I'd be safer with cPanel? Any idea how I can prevent this in the future or how they did this? All my files and everything is still on the server. I have no idea how they did this.


It's a template-run site and I just noticed that they got access to my MySQL, where they changed the index template to show this. Any ideas?
 

sawbuck

Well-Known Member
Jan 18, 2004
cPanel Access Level
Root Administrator
In WHM from MySQL Root Password option: "By default, no mysql root password is set"
If you didn't have it set, that might be a good place to start.
Are you running any firewall?
There are many ways to secure your setup. Might be worth your while to hire someone.
 

EchoHost

Well-Known Member
Jul 27, 2003
I have APF installed and there is a MySQL root password. (I put that root/password in the conf file for the database usage.) Think he got in through that?
 

haze

Well-Known Member
Dec 21, 2001
Having cPanel installed is no substitute for a knowledgeable system admin.
 

ramprage

Well-Known Member
Jul 21, 2002
Canada
You may have an exploitable kernel or service running on your system and possibly have had a rootkit installed by the culprit. I would run a copy of rkhunter and chkrootkit and hire a professional to assist you.
 

AbeFroman

BANNED
Feb 16, 2002
Type
uname -r
let me know the output
 

soundlib

Member
Sep 6, 2004
Do you allow Telnet or SSH access into your system?
If yes, you may want to not allow SSH or telnet.
 

AbeFroman

BANNED
Feb 16, 2002
Type
netstat -lntp
paste the results here
 

isputra

Well-Known Member
May 3, 2003
Mbelitar
Yesterday I checked my "tmp" and I found this:

ls -alR /var/tmp
drwxrwxrwt 2 root root 4096 Sep 6 16:42 ./
drwxr-xr-x 23 root root 4096 Sep 6 20:02 ../
-rwsrwsrwt 1 nobody nobody 31361 Aug 21 02:34 bot.zip*
-rw-r--r-- 1 nobody nobody 31361 Aug 21 01:44 bot.zip.1
-rw-r--r-- 1 nobody nobody 26 Sep 2 12:13 bs.pl
-rwxrwxrwx 1 nobody nobody 17032 Jul 18 17:16 cgi*
-rw-r--r-- 1 nobody nobody 17032 Jul 18 17:16 cgi.1
-rw-r--r-- 1 nobody nobody 729 Jul 30 22:42 dc.pl
-rwxrwxrwx 1 nobody nobody 0 Aug 23 08:07 j*

Apache always failed; it came back online when I restarted it, but only for a minute before failing again.

Thanks to chirpy, who helped me repair it, and now my Apache is "up" again.

From this, maybe you need to have a sysadmin look at your server and make your server more secure. I recommend "chirpy" for this, or you can search for others who can help you.
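
Added example, not part of isputra's post or the original thread: a Python sweep of /tmp and /var/tmp for the pattern visible in the listing above, that is, regular files owned by the web server user (nobody in that listing) that are setuid/setgid, world-writable, executable or script-named. The function names, the extension list and the default directories are assumptions chosen for illustration.

```python
import os
import pwd
import stat
import sys

def owner_name(uid):
    """Resolve a uid to a user name, falling back to the number as text."""
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return str(uid)

def audit_tmp(dirs=("/tmp", "/var/tmp"), web_user="nobody"):
    """Return sorted (path, reasons) for suspicious regular files owned by web_user."""
    findings = []
    for top in dirs:
        for root, _subdirs, files in os.walk(top, onerror=lambda err: None):
            for name in files:
                path = os.path.join(root, name)
                try:
                    st = os.lstat(path)  # lstat: never follow symlinks
                except OSError:
                    continue  # file vanished or unreadable; skip it
                if not stat.S_ISREG(st.st_mode):
                    continue
                if owner_name(st.st_uid) != web_user:
                    continue
                reasons = []
                if st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                    reasons.append("setuid/setgid")
                if st.st_mode & stat.S_IWOTH:
                    reasons.append("world-writable")
                if st.st_mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
                    reasons.append("executable")
                if name.endswith((".pl", ".sh", ".php", ".py", ".cgi")):
                    reasons.append("script")
                if reasons:
                    findings.append((path, reasons))
    return sorted(findings)

if __name__ == "__main__":
    # Optional arguments: directories to scan instead of the defaults.
    for path, reasons in audit_tmp(sys.argv[1:] or ("/tmp", "/var/tmp")):
        print(f"{path}: {', '.join(reasons)}")
```

Plain data files owned by the web user (PHP session files, for example) are not reported, so a hit is worth reviewing before the file is removed, and copying it aside first keeps it available for later analysis.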
 

RAIS2

Well-Known Member
Jul 16, 2004
EchoHost said:
I thought I'd be safer with cPanel? Any idea how I can prevent this in the future or how they did this? All my files and everything is still on the server. I have no idea how they did this.
NO SERVER is SECURE. I once read on these very forums that the only server that is secure is the one that is not turned on!
 

StevenC

Well-Known Member
Jan 1, 2004
You cannot secure a server 100%, but you can increase the security of a server by setting up many layers.
 

SageBrian

Well-Known Member
Jun 1, 2002
NY/CT (US)
cPanel Access Level
Root Administrator
EchoHost said:
I went to my site today to find this

This site is Hacked

By

sOoFaA & BooB11


Sorry Admin Nothing !!!

Was Deleted i Hacked This Site For Many Reasons Cuz Im Muslim
any ideas?
I've seen this a couple of times. It looked like they got in through known holes in different forum software. I've seen it with vBulletin, and a couple others. Check to make sure that your scripts are all updated. There have been several 'patches' recently to address these issues, at the individual sites.

cPanel may or may not have the most up-to-date scripts ready for install, but it does NOT automatically install updates for individual scripts and forums, etc.