
Joomla & Wordpress Hacked

Discussion in 'General Discussion' started by beleir, Jul 27, 2011.

  1. beleir

    beleir Registered

    Hello cPanel Community!

    I will describe my problem:

    All the Joomla & WordPress sites on my hosting get hacked very often. Some were not updated, that's true, but a lot were on the last version of Joomla & WordPress! (1.6.6 & 3.2.1, for example)

    I tried everything: put the mod_userdir tweak on, mod security (default configuration) on, ConfigServer ModSecurity Control on, ConfigServer Security&Firewall on, and have only PHP 5 activated (5.2.17) with Mod SuPHP, EAccelerator for PHP, IonCube Loader for PHP, Mod Security, Suhosin for PHP, Zend Optimizer/Guard Loader for PHP.

    Does anyone have any idea?

    Thank you, and I'm learning about cPanel all the time!
     
  2. tank

    tank Well-Known Member

    First things first.
    Normally the weakest aspect of any security is the user (you). Make sure that your passwords are strong (letters, numbers and special characters).

    That being said, did they only hack your Joomla / WordPress sites?
    If that is the case, I am not sure if the cPanel forum is the place to post this. cPanel mostly deals with cPanel issues.
     
  3. beleir

    beleir Registered

    The password is secure, and the HTML sites are not hacked. So I think there is a vulnerability in PHP compiled by EasyApache.

    So I'm asking in the cPanel forums to see if any cPanel user/admin has the same problem, and how to solve it =)

    Thank you!
     
  4. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Are you allowing individual php.ini files and does the account hacked have register_globals set to on? Are you disallowing set functions in disable_functions?
     
  5. beleir

    beleir Registered

    This is my configuration in disable_functions:
    show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open, allow_url_fopen, ini_set

    And register globals is off, of course.

    I don't know if I have custom php.ini blocked. How can I see this? =)

    Thank you!
     
  6. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Are you using suPHP? If you are, then unless you have this in /opt/suphp/etc/suphp.conf file:

    Code:
    [phprc_paths]
    ;Uncommenting these will force all requests to that handler to use the php.ini
    ;in the specified directory regardless of suPHP_ConfigPath settings.
    application/x-httpd-php=/usr/local/lib/
    application/x-httpd-php4=/usr/local/php4/lib/
    application/x-httpd-php5=/usr/local/lib/

    You are allowing individual php.ini files on each account. The above lines will prevent individual php.ini files. Without restricting a php.ini file under suPHP, each account user can configure their own settings, bypassing your security settings.
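
One way to answer "How can I see this?" is to read the `[phprc_paths]` section of suphp.conf and list the handlers that have no active entry there. This is an added example, not part of the original thread and not cPanel's own tooling; the function names, the two sample configs (constructed here) and the assumption that the file parses as plain INI with `;` comments are mine.

```python
import configparser
import os

SUPHP_CONF = "/opt/suphp/etc/suphp.conf"  # path given in the thread

# Constructed sample: [phprc_paths] entries present but commented out.
OPEN_CONF = """\
[phprc_paths]
;application/x-httpd-php=/usr/local/lib/
;application/x-httpd-php5=/usr/local/lib/
"""

# Constructed sample: entries active, as in the snippet posted in the thread.
PINNED_CONF = """\
[phprc_paths]
application/x-httpd-php=/usr/local/lib/
application/x-httpd-php4=/usr/local/php4/lib/
application/x-httpd-php5=/usr/local/lib/
"""

def pinned_handlers(conf_text):
    """Return {handler: php.ini directory} for active [phprc_paths] entries."""
    cp = configparser.ConfigParser(delimiters=("=",), comment_prefixes=(";",),
                                   strict=False, interpolation=None)
    cp.optionxform = str  # keep handler names exactly as written
    cp.read_string(conf_text)
    if not cp.has_section("phprc_paths"):
        return {}
    return dict(cp.items("phprc_paths"))

def overridable(conf_text, handlers):
    """Handlers for which an account-level php.ini is not blocked."""
    pinned = pinned_handlers(conf_text)
    return [h for h in handlers if h not in pinned]

if __name__ == "__main__":
    # Assumption: these are the handler types in use on the server.
    in_use = ["application/x-httpd-php", "application/x-httpd-php5"]
    if os.path.exists(SUPHP_CONF):
        with open(SUPHP_CONF) as fh:
            text = fh.read()
    else:
        text = OPEN_CONF  # fall back to the constructed sample
    for handler in overridable(text, in_use):
        print("per-account php.ini allowed for", handler)
```

An empty result from `overridable()` means every listed handler is pinned to the server-wide php.ini directory, so the `disable_functions` list above cannot be replaced by a php.ini dropped into an account.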
     