The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

One of my customer's accounts was hacked

Discussion in 'General Discussion' started by kcdworks, Sep 23, 2002.

  1. kcdworks

    kcdworks Well-Known Member

    Joined:
    Jul 28, 2002
    Messages:
    186
    Likes Received:
    0
    Trophy Points:
    16
    One of my customers, www.duckoff.com was hacked, but I'm not sure if it was a password that was cracked or something done to the server .... since his is the only account affected, I think it was a simple password crack, but how do I find out?

    What logs would I check? When you go to the site, you can see what was done. I have a feeling I know *why* it was done ... but I need to confirm it was a cracked password or whatnot ... the hacker seems to want to be contacted, so I sent him an email ... I guess we will see.
     
  2. Final-Solution

    Final-Solution Well-Known Member

    Joined:
    Jul 14, 2002
    Messages:
    92
    Likes Received:
    0
    Trophy Points:
    6
    hooah

    Of course the hacker wants to be contacted, if nobody contacted him he wouldn't know anyone cares and he'd have to download some porn to get off instead of enjoying your email.

    The best thing to do is *not* to contact a &hacker&, it only makes them pay more attention to you . . is your customers password something stupid like abc123? Chances are it's just cracked, especially if you think there's a reason someone would want to crack it.
     
  3. kcdworks

    kcdworks Well-Known Member

    Joined:
    Jul 28, 2002
    Messages:
    186
    Likes Received:
    0
    Trophy Points:
    16
    Well, it turns out that it was a cracked password (although it had to have been *given* to this person, and probably was, as he had given it to all of his forum administators).

    The password has since been changed and the person has lost shell access. He has also been warned that if his password is given out again his account will be terminated.

    I figured that it had to be an FTP password, as his was the only domain touched.
     
Loading...

Share This Page