Server got hacked: All php files from all accounts deleted

TapanB

Active Member
Nov 29, 2004
40
0
156
Today my server got hacked, all php files from all the user accounts got deleted. I had installed CloudLinux, CSX, CSF, ModSecurity and what not, but all just simply failed to protect the server. So I fail to understand whats the point of paying monthly, yearly fee when these software eventually fail ?

The hacker has injected some ecnrypted php code into all the php files and then all were deleted.
CXS is simply bombaring my mailbox after the server has been hacked.

cpane's security advisor shows nothing wrong with the server.
CSF basic check also shows server is fine

I understand if some user's account would have go effected but all accounts which have nothing to do with one another ? What type of security cpanel provides ? Why 1 effected account is able to effect all the other accounts ? Where's the basic security here ???

Why I am paying to CloudLinux ?

Why I am paying to CXS ? Just to get emails afterwards the server is hacked ? I time and again configured CXS to delete the uploaded files which were bad according to it, which seemd to works for few days and then again stopped and shifted back to quarantine. What is wrong with the software ?

What is modsecurity doing ? Can't it block anything ? Seems everytime a silly new update comes, the server becomes prone to hackers. Stupid really.
 

TapanB

Active Member
Nov 29, 2004
40
0
156
This is the code that was added to all the php files before they got deleted:

---
- Removed -

How it got deleted ? I don't know. Its pathetic.
 
Last edited by a moderator:

Web Souls

Registered
PartnerNOC
Feb 28, 2014
2
0
1
Lahore, Pakistan
cPanel Access Level
Root Administrator
Did you put this query to companies you referred specially CloudLinux. What they claiming for that we put all users under their cage and they can't move on to others.

Have you enabled CageFS?
 

Infopro

Well-Known Member
May 20, 2003
17,113
507
613
Pennsylvania
cPanel Access Level
Root Administrator
Twitter
Why I am paying....
None of your security will make your server bullet proof. You still need to monitor your users and keep all software up to date.

If you don't, can't, you can bet your server might get compromised at some point.

Those emails you're being bombarded with, are your clues to go take a closer look and act, right away. Ignore them at your own peril.

cPanel cannot assist you with a hacked server. Your thread/comments would be best if emailed to your Hosting Provider or a security professional for assistance, instead.

Good luck with this, sorry to hear about your problems.
 

abdelhost77

Well-Known Member
Apr 25, 2012
116
2
68
Morocco
cPanel Access Level
Root Administrator
Hello TapanB ,

hope you already recover the server from backup , did you find out how the server have been compromised ? it will be nice to share your experience in order that others will take advantage .