rag_gupta

Registered
Sep 16, 2013
2
0
1
cPanel Access Level
Website Owner
My CPanel/WHM account(two) have been hacked using some Cpanel vulnerability ... I think. To reduce risk of attack I'm maintaining Joomla sites in different account. In one account home directory a dasher.php was placed. While in other LICESNE.php was placed.

I've attached the original access_log which is encrypted with passwd.

The attack has come from IP : 199.115.117.242

You can see that an infection dasher.php was uploaded.

I've changed the login name, server name and the ip address in this log file

Can you please tell me what could be the vulnerability?
 

Infopro

Well-Known Member
May 20, 2003
17,113
507
613
Pennsylvania
cPanel Access Level
Root Administrator
Twitter
I've removed the attachment from your post. There's no need for that here.

You might do better to take a closer look at your Joomla install and whatever plugins you're using to make sure it's all fully up to date.

If you require assistance in doing so, you might want to hire someone from the cPanel AppCat:

cPanel App Catalog

Good luck with this.
 

24x7server

Well-Known Member
Apr 17, 2013
1,907
95
78
India
cPanel Access Level
Root Administrator
Hello,

Install LMD scanner on your server and scan your whole server and remove all php shell script from your server and install ConfigServer Security Firewall along with Mod_Security.