The Community Forums


Question about "fast" hack

Discussion in 'Security' started by Shadowrider, Feb 22, 2015.

  1. Shadowrider

    Shadowrider Member

    Hi,

    I have a question as to where I can start my error searching.
    I just installed cPanel on a fresh VPS server; within one hour the server was set up and cPanel installed. I also changed the default port of SSH etc. and used a password with a rating of 100 (something like: ¤5,45Tuø+1). Thus I find it hard to see how anyone can log in to my account. But within 12 hours the root account was compromised with a root login.

    I have several VPS servers without this problem, so I was surprised.

    My question: Is it possible that my VPS host is compromised, or am I seeing ghosts?

    The server was default CentOS with a default cPanel install and a valid SSL certificate. SSH port changed from 22 to 2345.

    But since I got an e-mail, the main login was through the control panel web. After that I could see that they had been logged in with SSH as well.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello :)

    Could you elaborate on how you know it was compromised? Are you sure the username wasn't simply locked by cPHulk due to a brute force attempt?

    Thank you.
     
  3. shojib

    shojib Member

    Hi there,
    I have been through the same problem myself; it's maybe because of your server's cPHulk configuration.
    You can check with another PC which has a different IP to see if WHM allows you to log in or not.
    If you can't log in, then ask your VPS provider to reset your VPS root password, and after that don't forget to recompile Apache without MPM-ITK. I don't know what it does, but my issue was fixed after I compiled Apache without MPM-ITK.
    Cheers,
    Shahriar
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    653
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    This should have no effect on the cPHulkd configuration. It's possible that it's simply a coincidence that logins started working after EasyApache.

    Thank you.
     