
Server compromised Question

Discussion in 'Security' started by mitt, Feb 9, 2015.

  1. mitt

    mitt Member

    Hi All, got a message indicating LFD failed and not long after a notification that there was a successful root login. Root password has been changed and we no longer have root access. This attack is a combo of vulnerabilities as our root password is a random 12-character password.

    We pulled the server and have physical access to it. Looking for some suggestions to regain control over the machine... or any suggestions at all. Thanks.
     
  2. kernow

    kernow Well-Known Member

    Some may tell you to format the OS and reinstall from backups... it is the only sure way to be safe. But what damage has been done so far? You may want to try blocking all access to WHM and SSH except through your own IP address and see what happens. If the hacker is blocked out you may be lucky. You can do this in WHM >> Security Center >> Host Access Control.
     
    #2 kernow, Feb 9, 2015
    Last edited: Feb 9, 2015
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello :)

    You should consult with a system administrator to determine the source of the attack if possible, and then transfer the accounts or back them up for restoration on a server with a fresh installation of the OS and cPanel. Going forward, the following URLs should help you ensure your server is secure:

    Security Advisor - cPanel Documentation
    Recommended Security Settings - cPanel Documentation
    Tips to Make Your Server More Secure - cPanel Documentation
    [Tutorial] Interested in increasing the security of your server? Read this. (sshd hardening) - cPanel Forums

    Thank you.
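
Added example (not part of the original thread and not cPanel's code): one way to follow up on the root-login notification and on the suggestion to limit access to your own IP is to list successful root SSH logins that came from outside the addresses you expect. It assumes the standard OpenSSH "Accepted ... for ... from ... port" log line; the function name, sample lines and addresses are constructed for illustration.

```python
import ipaddress
import re

# OpenSSH records a successful login as:
#   "<timestamp> <host> sshd[<pid>]: Accepted <method> for <user> from <addr> port <n> ssh2"
ACCEPTED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"Accepted\s(?P<method>\S+)\sfor\s(?P<user>\S+)\sfrom\s(?P<addr>\S+)\sport\s\d+"
)


def unexpected_root_logins(lines, allowed_networks):
    """Return (timestamp, method, address) for root logins from outside the allowlist."""
    allowed = [ipaddress.ip_network(n) for n in allowed_networks]
    hits = []
    for line in lines:
        m = ACCEPTED.match(line)
        if not m or m["user"] != "root":
            continue  # failed attempts and non-root users are out of scope here
        try:
            inside = any(ipaddress.ip_address(m["addr"]) in net for net in allowed)
        except ValueError:
            inside = False  # not a literal IP (e.g. a hostname): report it for review
        if not inside:
            hits.append((m["ts"], m["method"], m["addr"]))
    return hits


# Constructed sample lines using documentation address ranges (not real log data).
SAMPLE_LOG = [
    "Feb  9 02:58:11 host1 sshd[4021]: Failed password for root from 203.0.113.77 port 40112 ssh2",
    "Feb  9 03:01:42 host1 sshd[4188]: Accepted password for root from 203.0.113.77 port 40290 ssh2",
    "Feb  9 09:15:03 host1 sshd[9911]: Accepted publickey for root from 198.51.100.10 port 51822 ssh2",
    "Feb  9 09:20:47 host1 sshd[9950]: Accepted password for alice from 192.0.2.5 port 33100 ssh2",
]

if __name__ == "__main__":
    # 198.51.100.10 stands in for the administrator's own address (assumption).
    for ts, method, addr in unexpected_root_logins(SAMPLE_LOG, ["198.51.100.10/32"]):
        print(f"{ts}  root login via {method} from {addr}")
```

Run it against a copy of the SSH auth log (for example /var/log/secure on CentOS) read from the offline disk, since logs on a host where an attacker had root may have been altered.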
     