Server got hacked: All php files from all accounts deleted

[TapanB]

Today my server got hacked, all php files from all the user accounts got deleted. I had installed CloudLinux, CSX, CSF, ModSecurity and what not, but all just simply failed to protect the server. So I fail to understand whats the point of paying monthly, yearly fee when these software eventually fail ?

The hacker has injected some ecnrypted php code into all the php files and then all were deleted.
CXS is simply bombaring my mailbox after the server has been hacked.

cpane's security advisor shows nothing wrong with the server.
CSF basic check also shows server is fine

I understand if some user's account would have go effected but all accounts which have nothing to do with one another ? What type of security cpanel provides ? Why 1 effected account is able to effect all the other accounts ? Where's the basic security here ???

Why I am paying to CloudLinux ?

Why I am paying to CXS ? Just to get emails afterwards the server is hacked ? I time and again configured CXS to delete the uploaded files which were bad according to it, which seemd to works for few days and then again stopped and shifted back to quarantine. What is wrong with the software ?

What is modsecurity doing ? Can't it block anything ? Seems everytime a silly new update comes, the server becomes prone to hackers. Stupid really.

 

[TapanB]

This is the code that was added to all the php files before they got deleted:

---
- Removed -

How it got deleted ? I don't know. Its pathetic.

 

[Web Souls]

Did you put this query to companies you referred specially CloudLinux. What they claiming for that we put all users under their cage and they can't move on to others.

Have you enabled CageFS?

 

[Infopro]

Why I am paying....

None of your security will make your server bullet proof. You still need to monitor your users and keep all software up to date.

If you don't, can't, you can bet your server might get compromised at some point.

Those emails you're being bombarded with, are your clues to go take a closer look and act, right away. Ignore them at your own peril.

cPanel cannot assist you with a hacked server. Your thread/comments would be best if emailed to your Hosting Provider or a security professional for assistance, instead.

Good luck with this, sorry to hear about your problems.

 

[abdelhost77]

Hello TapanB ,

hope you already recover the server from backup , did you find out how the server have been compromised ? it will be nice to share your experience in order that others will take advantage .

 

[popeye]

You need to keep your server security up to date. and have strong passwords.

 

[mywhm]

See this:

cPanel server got hacked: All php files deleted - Hosting Security and Technology - Web Hosting Talk

Hello TapanB ,

hope you already recover the server from backup , did you find out how the server have been compromised ? it will be nice to share your experience in order that others will take advantage .