My account hacked

rag_gupta · Oct 27, 2013

My CPanel/WHM account(two) have been hacked using some Cpanel vulnerability ... I think. To reduce risk of attack I'm maintaining Joomla sites in different account. In one account home directory a dasher.php was placed. While in other LICESNE.php was placed.

I've attached the original access_log which is encrypted with passwd.

The attack has come from IP : 199.115.117.242

You can see that an infection dasher.php was uploaded.

I've changed the login name, server name and the ip address in this log file

Can you please tell me what could be the vulnerability?

Infopro · Oct 27, 2013

I've removed the attachment from your post. There's no need for that here.

You might do better to take a closer look at your Joomla install and whatever plugins you're using to make sure it's all fully up to date.

If you require assistance in doing so, you might want to hire someone from the cPanel AppCat:

cPanel App Catalog

Good luck with this.

24x7server · Oct 27, 2013

Hello,

Install LMD scanner on your server and scan your whole server and remove all php shell script from your server and install ConfigServer Security Firewall along with Mod_Security.

Thread starter	Similar threads	Forum	Replies	Date
C	Mutiple wordpress accounts hacked on 1 server	Security	4	May 17, 2022
P	Databases of a few accounts keep on getting hacked	Security	3	Dec 21, 2021
K	My WHM/cpanel account hacked? No access to root	Security	10	Mar 15, 2021
S	Cpanel Account Hacked	Security	3	Feb 15, 2016
C	Cpanel Account Hacked, Or Just The Wp Sites?	Security	2	Jul 30, 2015

Search

Search

My account hacked

rag_gupta

Registered

Infopro

Well-Known Member

24x7server

Well-Known Member