The Community Forums

Interact with an entire community of cPanel & WHM users!

serious problem of phishing sites

Discussion in 'Security' started by hozyali, Jun 9, 2014.

  1. hozyali

    hozyali Well-Known Member

    It's been several weeks now. My cPanel server is continuously having phishing attacks. My server's SSH port is also different.
    I also have a firewall enabled. I also had a server admin who checked, but he could not find the root cause.

    I suspend the users, but the phishing comes on another user next day.

    Please help.
     
  2. storminternet

    storminternet Well-Known Member

    cPanel Access Level:
    Root Administrator
    Generally, phishing scams and injections appear when you run outdated CMSs, applications, or weakly coded scripts. In order to avoid such issues, you should run updated software, plugins, and themes, and use secure CMS passwords, FTP passwords, etc.

    In addition to this, if you use ModSecurity with updated rules, then it should avoid such issues.
     
  3. quizknows

    quizknows Well-Known Member

    cPanel Access Level:
    DataCenter Provider
    All good advice.

    Also, are you protected against cross-account symlink attacks? When I see constant phishing on servers that aren't root compromised, it's usually because of a symlink hack used to gain credentials.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    cPanel Access Level:
    Root Administrator
  5. hozyali

    hozyali Well-Known Member

    Thanks all. Mod Security is already enabled on the server.
    However, I have many users using outdated CMSs. I have also notified many of them, but nobody takes it seriously.
    And I really can't upgrade their sites, as it may mess up other things and we will have to spend more time fixing their sites.
     
  6. monarobase

    monarobase Well-Known Member

    cPanel Access Level:
    Root Administrator
    Install ConfigServer cxs and put any sites offline that have been hacked. Also look for symlinks in all customers' folders if you are not using CloudLinux+CageFS. If it's a symlink attack, you will have to change all MySQL passwords and implement a solution so symlinks don't allow cross-site access.
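
Added example, not part of any post in this thread: one way to carry out the symlink check suggested above is to list every symlink under each account directory whose resolved target lies outside that account's own tree. It assumes accounts are direct children of a base directory (/home by default) and that GNU find and readlink are installed; the function name is hypothetical.

```shell
# Audit helper (added example; function name is hypothetical).
# Prints one tab-separated line per suspicious symlink:
#   account <TAB> symlink path <TAB> resolved target
# Assumptions: each account is a direct child of the base directory,
# and GNU find/readlink are available (readlink -m is a GNU option).
# Usage: find_cross_account_symlinks /home

find_cross_account_symlinks() {
    # Canonicalise the base so prefix comparisons below are reliable.
    base=$(readlink -f -- "${1:-/home}") || return 1

    for acct in "$base"/*/; do
        acct=${acct%/}
        # Only real directories; skip account entries that are symlinks.
        [ -d "$acct" ] && [ ! -L "$acct" ] || continue

        # -xdev keeps find on the account's filesystem; -type l matches
        # the links themselves rather than what they point to.
        find "$acct" -xdev -type l -exec sh -c '
            acct=$1; shift
            for link in "$@"; do
                # -m resolves the full chain even if the target is missing,
                # so dangling links that point elsewhere are still reported.
                target=$(readlink -m -- "$link")
                case $target in
                    "$acct"|"$acct"/*) ;;   # stays inside the account
                    *) printf "%s\t%s\t%s\n" "${acct##*/}" "$link" "$target" ;;
                esac
            done' sh "$acct" {} +
    done
}
```

Run it as root so every account directory is readable. Links it reports are candidates for review, not proof of compromise, since some applications legitimately link to shared system paths.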
     