
root password being hacked.

Discussion in 'General Discussion' started by 21Century, May 28, 2007.

  1. 21Century

    Is there any way I can sort this out?

    Thanks,
     
  2. Infopro

    Is this a trick question?

    Make it a stronger password. That should solve the problem I would think.
     
  3. zanyzonk1

    The way you said it, do you mean it keeps getting hacked when you change it, or keeps getting changed constantly?

    If so, you're being HACKED. Calm down, it happens.

    I would advise connecting to SSH via PuTTY. Run "w", and "netstat -nalp | grep SSHPORTHERE" to see who's connected using SSH.

    There may be PHPShells, rootkits etc. on your server. I would advise running 'cat /path/of/your/web/logs/* | grep "/x90/"' to look for shell code.

    Search for running Perl scripts with 'ps aux | grep perl'.

    I would also log in to WHM (if you can) and look at wheel group users, as well as viewing any resellers, and double checking no one else has root privileges (if they do, they can reset your root pass).

    Also, are you using the root password elsewhere? For anything else at all? Perhaps a billing system, e.g. WHMAutoPilot etc.?
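
The account and log checks zanyzonk1 describes, as an added example that is not part of the original post: a shell script that lists extra UID 0 accounts and wheel members and counts log lines containing the literal text \x90. The function names, the sample files and the assumption that the web server records raw 0x90 bytes as \x90 (as Apache does) are not from the thread.

```shell
#!/bin/sh
# Added example: the account and log checks from the post above as functions.

# Accounts other than root whose UID (passwd field 3) is 0.
uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Members of the wheel group (group field 4), one per line.
wheel_members() {
    awk -F: '$1 == "wheel" { n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }' "$1"
}

# Number of log lines containing the literal text \x90. Assumption: the web
# server escapes raw 0x90 bytes (x86 NOP padding) this way, as Apache does.
nop_hits() {
    grep -cF -- '\x90' "$1" || true
}

# Constructed sample data so the example runs offline.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
siteuser:x:501:501::/home/siteuser:/bin/bash
support:x:0:0::/home/support:/bin/bash
EOF
cat > "$SAMPLE_DIR/group" <<'EOF'
root:x:0:
wheel:x:10:root,support
siteuser:x:501:
EOF
cat > "$SAMPLE_DIR/access_log" <<'EOF'
192.0.2.10 - - [28/May/2007:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 512
192.0.2.77 - - [28/May/2007:10:04:11 +0000] "GET /\x90\x90\x90\x90\xeb HTTP/1.0" 400 226
EOF

echo "Extra UID 0 accounts:  $(uid0_accounts "$SAMPLE_DIR/passwd" | tr '\n' ' ')"
echo "wheel members:         $(wheel_members "$SAMPLE_DIR/group" | tr '\n' ' ')"
echo "NOP-pattern log lines: $(nop_hits "$SAMPLE_DIR/access_log")"
```

On a live server, pass /etc/passwd, /etc/group and the web server's access log in place of the sample files.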
     
  4. vagsoftware

    Yo!

    1. Use strong passwords (min 16 symbols). Use tools like pwgen.
    2. DO NOT connect with root from public locations, and also USE certificates, not login with passwords!
    3. Monitor your servers with tools that can verify processes, quotas and user activity (IRC bots, other hacking or exploit tools).
    4. Allow only one user to have shell access - root.
    5. Learn LINUX, cause you must or you will always be away from the subject and hacked.
    6. Hosting is the battlefield in the war of the Internet, and you, as an administrator collect all the bullets from all.

    Respekt.

    PS: F*** or die, learn Linux or cry :)
     