
My site was hacked

Discussion in 'Data Protection' started by jschein, Apr 25, 2005.

  1. jschein

    jschein Registered

    My site aestechnologies.net was hacked. They modified the default e-mail, the password and uploaded a forum in Vietnamese.

    My host found it was created 5 days ago and sent me a file with all the mods that were done. Luckily I had a backup, but it was 2 weeks old and I have to re-create a lot of info to include an online store.

    VDECK has a feature to restrict admin access to an I.P. I cannot find such a function in cPanel. Does it exist or must I request a dev look into that option?

    Also, is there a way to send an e-mail to the primary owner (myself) upon a successful / unsuccessful attempt to access the admin module so we can track login attempts and quickly deny I.P.s if necessary?

    Any input is greatly appreciated.
     
  2. chirpy

    chirpy Well-Known Member

    Unfortunately, none of those options exist in cPanel. You can create an enhancement request if you wish:
    http://forums.cpanel.net/showthread.php?t=38350

    The primary concern for you, I would imagine, is to find out how the hackers got in. Did you find out? Most user compromises these days are usually through vulnerable PHP or Perl CGI scripts, with the most common culprit at the moment being phpBB. You do need to check that you are not running any vulnerable scripts, otherwise they may get straight back in.
     
  3. jschein

    jschein Registered

    I hear you... No, they got in through cPanel.

    I run Mambo. All the admin and sensitive areas are .htaccessed. My .htaccess files are unreadable and any config.php's are also the same. They actually got into my cPanel, changed all of my info there. Believe it or not, they did not touch anything with my Mambo except for deleting my SQL database and creating their own for their little forum.

    No additional CGIs or .pl's running whatsoever. It kills me that such a feature doesn't exist for the backbone to the administration of a site.

    Thank you for a response.
     
  4. brentp

    brentp Well-Known Member

    Dude, use a strong password, like gdsi546asd, and you should be safe.

    Get your host to check out the cPanel access logs for your username.

    Regards,
    Brent
     
  5. jschein

    jschein Registered

    I did use an alpha-numeric password before. Now it is even longer.

    My question was why there isn't any "lock out admin access from all I.P.s except this one" option. To enhance the security so it does not happen.
     
  6. scapeweb

    scapeweb Well-Known Member

    Yeah, most of the time when people get hacked through cPanel it's because of the password. Use a password that won't be generated by a script.
     
  7. digitard

    digitard Well-Known Member

    You can even add some special characters. I use combinations of uppercase, lowercase, numbers and special characters such as @ and things like that to secure my SSH login, and I have it down to just my login, and root is disabled.
     