
My root account password has been found

Discussion in 'Security' started by jerome57, Oct 23, 2011.

  1. jerome57

    jerome57 Registered

    Hello,

    I don't know what to do. I've been hacked several times, and every time the pirate finds the new password I've set.
    How is it possible to do this? Is the cPanel password available somewhere on the server?

    Thanks a lot and sorry for my English
     
  2. gnutoolbox

    gnutoolbox Member

    It could be due to various security reasons, but it is advisable to do at least the basic security to protect your server from common attacks. Try "Plugins -> ConfigServer Security&Firewall -> Check server security" from your WHM to perform basic security checks, and follow the instructions given on each line to patch the problems. You may also need to check for any rootkits installed on your server (you can use rkhunter, Rootkit Hunter, to check for any rootkits installed). Also, always use https:// instead of http:// while accessing your WHM or cPanel.
     
  3. jerome57

    jerome57 Registered

    Thanks, I'll try this and let you know!!!
     
  4. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Did you provide the root password to anyone else such as your datacenter or provider, or someone working for you? That person's system could have been compromised.

    Have you scanned your own local system for any trojans or other malware? Your local system could have been compromised and that's how they are determining the password.

    Finally, when you use FTP, are you using the root password rather than the cPanel account password for access? If so, are you ensuring to use TLS or sFTP rather than FTP over plain text?

    Are you connecting using any proxies or internet cafe / wifi connections that are insecure? Your password might be getting transmitted via plain text using those.

    Are you ensuring that all WHM connections are https rather than http to ensure that you aren't sending the root password as plain text?

    Do you have the root password saved in your browser or some other password keeping utility? If so, some browsers can show the password in plain text so if the browser session is exploited, they can obtain the password.
     