The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Reported Attack Page!

Discussion in 'Security' started by iwt, Jul 10, 2012.

  1. iwt

    iwt Registered

    Joined:
    Dec 30, 2011
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Reseller Owner
    I have following site 'www.isetnepal.org.np' infected by virus. When I check each files, I found that it has affected the .htaccess file replacing with new codes.
    How can I get rid of?
    Thanks for the support.
     
  2. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Were you running a script on the site like WordPress, Joomla or such? If so, first off, you should update that script to the latest version. Next, go through the account to check every file (or even remove all the files and restore from backup and then update to the latest version). Finally, clear the .htaccess content if you don't have a copy of the original.

    Most times, a site gets attacked from having an old application like WordPress or Joomla that hasn't been kept up-to-date.
     
  3. iwt

    iwt Registered

    Joined:
    Dec 30, 2011
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Reseller Owner
    This site is doesn't use any framework like Wordpress and Joomla. Though in the server where it has been hosted, there are some other site which are hosted using Wordpress and Joomla. Does this affect other site?
     
  4. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    No, those should not impact your site if you are using suPHP and are using secure file permissions for your files and folders. Do you have any PHP scripts on your site?
     
  5. acenetgeorge

    acenetgeorge Well-Known Member
    PartnerNOC

    Joined:
    Mar 6, 2008
    Messages:
    64
    Likes Received:
    2
    Trophy Points:
    8
    Location:
    Southfield, MI
    cPanel Access Level:
    DataCenter Provider
    Were these by any chance referral redirects? We've seen a few cases of referral redirects uploaded to .htaccess file via FTP.

    Check the ftp logs under /home/USER/access-logs, and see if there is any activity on your .htaccess files. Reset the cPanel password to something unique and secure, and replace the .htaccess files.
     
  6. voshka

    voshka Active Member

    Joined:
    Apr 4, 2010
    Messages:
    30
    Likes Received:
    0
    Trophy Points:
    6
    By just having SUPHP enabled it is not true to say that the sites near on the same server wont be subject to an attack as there is other post in here by attacking using symlink
    http://forums.cpanel.net/f185/how-prevent-creating-symbolic-links-non-root-users-202242.html

    Use maldet to scan the whole sever for suspicious files
    do recommendation on that post and also install mod_security and latest rule sets

    there may have been some other account compromised and got access through here
     
Loading...

Share This Page