Server Compromised Issue

foxmedo

Well-Known Member
Apr 21, 2014
50
1
58
cPanel Access Level
Root Administrator
Hello All,

10 days ago my server was hacked and the hacker moved files from one host to another. I received many emails from the datacenter about the abuse. The hacker created many files on my server and in all of my clients' accounts, which contain fake Gmail, Yahoo and Hotmail pages.

I have found many shell files encrypted with base64.
I have removed all pages created by this hacker.
I have updated my PHP using EasyApache; this is my current config:
Contains Apache 2.4, PHP 5.6, PHP 7.0, and PHP 7.1
I have disabled many PHP functions.

And now I find this image in phpinfo. Is it normal?
- Removed -


How can I check my security level? Any advice?

Waiting for your help.

B.R
 

GOT

Get Proactive!
PartnerNOC
Apr 8, 2003
1,774
328
363
Chesapeake, VA
cPanel Access Level
DataCenter Provider
I saw the image before it was removed and no, it's not normal for sure. Sounds like you got hit really hard.

In cases like this we suggest you get a new server and move sites over one at a time only after the contents of the site have been validated as completely clean. Your old server should not be trusted any more; it's unlikely you would be able to correct everything they stuck in there.
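
As an added illustration of the "validate before you move" step above (not part of the thread and not cPanel tooling), this Python example walks a site's document root and lists files that need manual review because they match the base64-wrapped PHP patterns described in the first post. The indicator names, extension lists, 200-character threshold and the sample files are assumptions constructed for the example.

```python
import re
import tempfile
from pathlib import Path

# Heuristics only: a hit means "review by hand", not "confirmed malicious".
INDICATORS = {
    # eval()/assert() fed directly by a decoder: typical of base64-wrapped PHP shells
    "eval_of_decoder": re.compile(
        rb"\b(?:eval|assert)\s*\(\s*@?\s*(?:base64_decode|gzinflate|str_rot13)\s*\(", re.I),
    # a quoted base64 run of 200+ characters embedded in source
    "long_base64_literal": re.compile(rb"[\"'][A-Za-z0-9+/]{200,}={0,2}[\"']"),
}
PHP_TAG = re.compile(rb"<\?php|<\?=")
PHP_EXT = {".php", ".phtml", ".inc"}
STATIC_EXT = {".jpg", ".jpeg", ".png", ".gif", ".ico", ".css", ".txt"}

def scan_tree(root):
    """Return {relative path: [indicator names]} for files needing manual review."""
    root, findings = Path(root), {}
    for path in sorted(root.rglob("*")):
        ext = path.suffix.lower()
        if not path.is_file() or ext not in PHP_EXT | STATIC_EXT:
            continue
        data = path.read_bytes()
        hits = [name for name, rx in INDICATORS.items() if rx.search(data)]
        if ext in STATIC_EXT and PHP_TAG.search(data):
            hits.append("php_in_static_file")  # PHP hidden in an "image" or text file
        if hits:
            findings[path.relative_to(root).as_posix()] = hits
    return findings

def build_sample_tree(root):
    """Constructed sample docroot with benign payloads (not files from the thread)."""
    root = Path(root)
    (root / "uploads").mkdir(parents=True)
    (root / "index.php").write_bytes(b"<?php echo 'hello'; ?>")
    (root / "wp-cache.php").write_bytes(b"<?php eval(base64_decode('ZWNobyAxOw==')); ?>")
    (root / "lib.php").write_bytes(b"<?php $p = '" + b"QUJD" * 80 + b"'; ?>")
    (root / "uploads" / "logo.png").write_bytes(b"\x89PNG\r\n<?php echo 1; ?>")
    (root / "uploads" / "ok.png").write_bytes(b"\x89PNG\r\n\x1a\n\x00\x00")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, hits in scan_tree(tmp).items():
            print(f"{rel}: {', '.join(hits)}")
```

An empty result only means none of these patterns matched; run it against a copy of the site taken off the compromised server, and still compare the files against known-good originals before migrating.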
 

foxmedo

My screenshot was removed by the moderator; you can see the screenshot at this link - Removed -

It's a man's head; in some versions I have the PHP elephant.
 

foxmedo

FYI, the hackers didn't delete any files from the server. They tried to send some emails, but when I deleted their files everything stopped. Do you think they still have access to the server? They didn't log in using shell; I have checked all logs and the only [email protected] is mine.