The Community Forums

Joomla & Wordpress Hacked

Discussion in 'General Discussion' started by beleir, Jul 27, 2011.

  1. beleir

    beleir Registered

    Joined:
    Jul 27, 2011
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    51
    Hello cPanel Community!

    I will describe my problem.

    All the Joomla & WordPress sites on my hosting get hacked very often. Some were not updated, that's true, but a lot were the latest version of Joomla & WordPress (1.6.6 & 3.2.1, for example)!

    I tried everything: mod_userdir tweak on, mod_security (default configuration) on, ConfigServer ModSecurity Control on, ConfigServer Security & Firewall on, and only PHP 5 activated (5.2.17) with Mod SuPHP, EAccelerator for PHP, IonCube Loader for PHP, Mod Security, Suhosin for PHP, Zend Optimizer/Guard Loader for PHP.

    Does anyone have any idea?

    Thank you, and I'm learning about cPanel all the time!
     
  2. tank

    tank Well-Known Member

    Joined:
    Apr 12, 2011
    Messages:
    254
    Likes Received:
    1
    Trophy Points:
    68
    Location:
    Chicago, IL
    cPanel Access Level:
    Root Administrator
    First things first.
    Normally the weakest aspect of any security is the user (you). Make sure that your passwords are strong (letters, numbers and special characters).

    That being said, did they only hack your Joomla / WordPress sites?
    If that is the case, I am not sure if the cPanel forum is the place to post this. cPanel mostly deals with cPanel issues.
     
  3. beleir

    beleir Registered

    Joined:
    Jul 27, 2011
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    51
    The password is secure, and the HTML sites are not hacked. So I think there is a vulnerability in the PHP compiled by EasyApache.

    So I'm asking in the cPanel forums to see if any cPanel user/admin has the same problem, and how to solve it =)

    Thank you!
     
  4. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,609
    Likes Received:
    32
    Trophy Points:
    238
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Are you allowing individual php.ini files, and does the hacked account have register_globals set to on? Are you disallowing set functions in disable_functions?
     
  5. beleir

    beleir Registered

    Joined:
    Jul 27, 2011
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    51
    This is my configuration in disable_functions:
    show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open, allow_url_fopen, ini_set

    And register_globals is off, of course.

    I don't know if I have custom php.ini files blocked. How can I check this? =)

    Thank you!
     
  6. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,609
    Likes Received:
    32
    Trophy Points:
    238
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Are you using suPHP? If you are, then unless you have this in the /opt/suphp/etc/suphp.conf file:

    Code:
    [phprc_paths]
    ;Uncommenting these will force all requests to that handler to use the php.ini
    ;in the specified directory regardless of suPHP_ConfigPath settings.
    application/x-httpd-php=/usr/local/lib/
    application/x-httpd-php4=/usr/local/php4/lib/
    application/x-httpd-php5=/usr/local/lib/
    you are allowing individual php.ini files on each account. The above lines will prevent individual php.ini files. Without restricting a php.ini file under suPHP, each account user can configure their own settings, bypassing your security settings.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
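One way to run the check described in the last reply, as an added example that is not part of the thread and not cPanel's own tooling: it reports whether any handler is actually pinned (uncommented) under [phprc_paths], and lists per-account php.ini files that touch register_globals or disable_functions. The function names and the sample files in demo() are constructed; on a real server you would pass /opt/suphp/etc/suphp.conf and your accounts' home root (assumed to be /home).

```shell
#!/bin/sh
# Added example; helper names and sample data are constructed for illustration.

# Print the active (uncommented) handler=path entries of the [phprc_paths]
# section. In suphp.conf a leading ';' marks a comment, so commented entries
# pin nothing and per-account php.ini files stay in effect.
pinned_handlers() {
    awk '
        /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[phprc_paths\]/); next }
        in_sec && /^[ \t]*;/ { next }
        in_sec && /=/ { sub(/^[ \t]+/, ""); print }
    ' "$1"
}

# List php.ini files below a home root that change the two settings discussed
# in the thread: register_globals switched on, or disable_functions redefined.
risky_overrides() {
    find "$1" -type f -name php.ini 2>/dev/null | sort | while IFS= read -r f; do
        if grep -Eiq '^[[:space:]]*register_globals[[:space:]]*=[[:space:]]*"?(on|1|true|yes)' "$f"; then
            echo "$f: register_globals on"
        fi
        if grep -Eiq '^[[:space:]]*disable_functions[[:space:]]*=' "$f"; then
            echo "$f: redefines disable_functions"
        fi
    done
}

# Constructed sample: a suphp.conf with the entry still commented out and one
# account that ships its own php.ini.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '[phprc_paths]' \
        ';application/x-httpd-php5=/usr/local/lib/' > "$d/suphp.conf"
    mkdir -p "$d/home/user1/public_html"
    printf 'register_globals = On\ndisable_functions =\n' \
        > "$d/home/user1/public_html/php.ini"
    if [ -z "$(pinned_handlers "$d/suphp.conf")" ]; then
        echo "No handler pinned in [phprc_paths]: per-account php.ini files apply"
        risky_overrides "$d/home"
    fi
    rm -rf "$d"
}

demo
```

An empty result from pinned_handlers means the server-wide disable_functions list can be replaced by any account's own php.ini, which is the bypass the reply describes.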