The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Server got hacked: All php files from all accounts deleted

Discussion in 'Security' started by TapanB, Nov 17, 2014.

  1. TapanB

    TapanB Active Member

    Joined:
    Nov 29, 2004
    Messages:
    40
    Likes Received:
    0
    Trophy Points:
    6
    Today my server got hacked, all php files from all the user accounts got deleted. I had installed CloudLinux, CSX, CSF, ModSecurity and what not, but all just simply failed to protect the server. So I fail to understand whats the point of paying monthly, yearly fee when these software eventually fail ?

    The hacker has injected some ecnrypted php code into all the php files and then all were deleted.
    CXS is simply bombaring my mailbox after the server has been hacked.

    cpane's security advisor shows nothing wrong with the server.
    CSF basic check also shows server is fine

    I understand if some user's account would have go effected but all accounts which have nothing to do with one another ? What type of security cpanel provides ? Why 1 effected account is able to effect all the other accounts ? Where's the basic security here ???

    Why I am paying to CloudLinux ?

    Why I am paying to CXS ? Just to get emails afterwards the server is hacked ? I time and again configured CXS to delete the uploaded files which were bad according to it, which seemd to works for few days and then again stopped and shifted back to quarantine. What is wrong with the software ?

    What is modsecurity doing ? Can't it block anything ? Seems everytime a silly new update comes, the server becomes prone to hackers. Stupid really.
     
  2. TapanB

    TapanB Active Member

    Joined:
    Nov 29, 2004
    Messages:
    40
    Likes Received:
    0
    Trophy Points:
    6
    This is the code that was added to all the php files before they got deleted:

    ---
    - Removed -

    How it got deleted ? I don't know. Its pathetic.
     
    #2 TapanB, Nov 17, 2014
    Last edited by a moderator: Nov 17, 2014
  3. Web Souls

    Web Souls Registered
    PartnerNOC

    Joined:
    Feb 28, 2014
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Lahore, Pakistan
    cPanel Access Level:
    Root Administrator
    Did you put this query to companies you referred specially CloudLinux. What they claiming for that we put all users under their cage and they can't move on to others.

    Have you enabled CageFS?
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,478
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    None of your security will make your server bullet proof. You still need to monitor your users and keep all software up to date.

    If you don't, can't, you can bet your server might get compromised at some point.

    Those emails you're being bombarded with, are your clues to go take a closer look and act, right away. Ignore them at your own peril.

    cPanel cannot assist you with a hacked server. Your thread/comments would be best if emailed to your Hosting Provider or a security professional for assistance, instead.

    Good luck with this, sorry to hear about your problems.
     
  5. abdelhost77

    abdelhost77 Well-Known Member

    Joined:
    Apr 25, 2012
    Messages:
    81
    Likes Received:
    1
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    Hello TapanB ,

    hope you already recover the server from backup , did you find out how the server have been compromised ? it will be nice to share your experience in order that others will take advantage .
     
  6. popeye

    popeye Well-Known Member

    Joined:
    May 23, 2013
    Messages:
    313
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Texas
    cPanel Access Level:
    Root Administrator
    You need to keep your server security up to date. and have strong passwords.
     
  7. mywhm

    mywhm Active Member

    Joined:
    Jan 15, 2014
    Messages:
    27
    Likes Received:
    1
    Trophy Points:
    3
    cPanel Access Level:
    Root Administrator
Loading...

Share This Page