Server compromised Question

Discussion in 'Security' started by mitt, Feb 9, 2015.

  1. mitt

    mitt Member

    May 11, 2004
    Hi All, got a message indicating LFD failed and not long after a notification that there was a successful root login. Root password has been changed and we no longer have root access. This attack is a combo of vulnerabilities as our root password is a random 12 character password.

    We pulled the server and have physical access to it. Looking for some suggestions to regain control over the machine... or any suggestions at all. Thanks.
  2. kernow

    kernow Well-Known Member

    Jul 23, 2004
    cPanel Access Level:
    Root Administrator
    Some may tell you to format the OS and reinstall from backups... it is the only sure way to be safe. But, what damage has been done so far? You may want to try blocking all access to WHM and ssh except through your own IP address and see what happens. If the hacker is blocked out you may be lucky. You can do this in WHM >> Security Center >> Host Access Control.
    #2 kernow, Feb 9, 2015
    Last edited: Feb 9, 2015
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Apr 11, 2011
    cPanel Access Level:
    Root Administrator
    Hello :)

    You should consult with a system administrator to determine the source of the attack if possible, and then transfer the accounts or back them up for restoration on a server with a fresh installation of the OS and cPanel. Going forward, the following URLs should help you ensure your server is secure:

    Security Advisor - cPanel Documentation
    Recommended Security Settings - cPanel Documentation
    Tips to Make Your Server More Secure - cPanel Documentation
    [Tutorial] Interested in increasing the security of your server? Read this. (sshd hardening) - cPanel Forums

    Thank you.
