ATEUAE

Registered
Mar 7, 2010
1
0
51
Hello;

My Cpanel powered site was hacked. I was about to login to make a backup when the site didn't accept the password. Then the attacker changed some pages on the site, and started an account transfer using the new account password.

My question is, how on earth this could have happpened?
 
Last edited:

thewebhosting

Well-Known Member
May 9, 2008
1,201
1
68
This could happen if your FTP password got compromised or it may be possible with the keylogger. You will have to change the cPanel and all the FTP passwords from your cPanel and also you will have to check the FTP Logs from where your site got compromised. You can check the FTP logs through SSH from /var/log/messages. However, if you do not have an access to the server then you will have to contact your hosting provider to provide the FTP logs. Once you get the IP address from the FTP logs you can banned that IP address in your firewall.

Moreover, also note that if you have an installed any third party tool in your web site then please make sure that you have upgraded to the latest version. Also, you have not assign the appropriate permissions to your files and folders. Do not assign the 777 permissions to your files or folders.
 

wills

Well-Known Member
Jan 29, 2003
202
1
168
Sounds like Gumbler attack. Are you running your own server? If so, search the forum for the fix.