The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

My Cpanel hacked?

Discussion in 'General Discussion' started by ATEUAE, Mar 7, 2010.

  1. ATEUAE

    ATEUAE Registered

    Joined:
    Mar 7, 2010
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Hello;

    My Cpanel powered site was hacked. I was about to login to make a backup when the site didn't accept the password. Then the attacker changed some pages on the site, and started an account transfer using the new account password.

    My question is, how on earth this could have happpened?
     
    #1 ATEUAE, Mar 7, 2010
    Last edited: Mar 7, 2010
  2. thewebhosting

    thewebhosting Well-Known Member

    Joined:
    May 9, 2008
    Messages:
    1,201
    Likes Received:
    1
    Trophy Points:
    38
    This could happen if your FTP password got compromised or it may be possible with the keylogger. You will have to change the cPanel and all the FTP passwords from your cPanel and also you will have to check the FTP Logs from where your site got compromised. You can check the FTP logs through SSH from /var/log/messages. However, if you do not have an access to the server then you will have to contact your hosting provider to provide the FTP logs. Once you get the IP address from the FTP logs you can banned that IP address in your firewall.

    Moreover, also note that if you have an installed any third party tool in your web site then please make sure that you have upgraded to the latest version. Also, you have not assign the appropriate permissions to your files and folders. Do not assign the 777 permissions to your files or folders.
     
  3. wills

    wills Well-Known Member

    Joined:
    Jan 29, 2003
    Messages:
    202
    Likes Received:
    1
    Trophy Points:
    18
    Sounds like Gumbler attack. Are you running your own server? If so, search the forum for the fix.
     
Loading...

Share This Page