Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Server Hacked :( Script to replace index file from backup

Discussion in 'General Discussion' started by crazyaboutlinux, Apr 26, 2011.

  1. crazyaboutlinux

    crazyaboutlinux Well-Known Member

    Joined:
    Nov 3, 2007
    Messages:
    939
    Likes Received:
    0
    Trophy Points:
    66
    Hi,

    Recently our server got hacked, I checked logs but logs are rotated already so i can not find out how did they got it..., I did changed all users & root password AND also disabled the cpbackup so that the weekly backup don't get overwritten.

    Only index page hacked & rest of things are as it is. hacker has replaced following files to the root(public_html) directories of respective users

    index.html, index.htm, index.php, default.html, default.htm & default.php . we had manually removed these files from root(public_html) directories of each users & restored their index pages.

    Now i am looking for a script which run & remove hacked pages " index.html, index.htm, index.php, default.html, default.htm & default.php " from /home/*/public_html/ AND restore default index pages from the /baclup/cpbackup/weekly/ to the root (public_html) directories of respective users /home/*/public_html

    so that we & others can save the time.

    Looking for your kind support guys :)
     
    #1 crazyaboutlinux, Apr 26, 2011
  2. Infopro

    Infopro cPanel Sr. Product Evangelist Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,781
    Likes Received:
    466
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Scroll to the bottom of this very thread and check the "Similar Threads" section. There are multiple threads on this forum concerning this topic that you might find useful. ;)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 Infopro, Apr 26, 2011
  3. crazyaboutlinux

    crazyaboutlinux Well-Known Member

    Joined:
    Nov 3, 2007
    Messages:
    939
    Likes Received:
    0
    Trophy Points:
    66
    These are very old threads around a year so i have opened a new ticket.
     
    #3 crazyaboutlinux, Apr 27, 2011
  4. crazyaboutlinux

    crazyaboutlinux Well-Known Member

    Joined:
    Nov 3, 2007
    Messages:
    939
    Likes Received:
    0
    Trophy Points:
    66
    any news ??
     
    #4 crazyaboutlinux, Apr 30, 2011
  5. crazyaboutlinux

    crazyaboutlinux Well-Known Member

    Joined:
    Nov 3, 2007
    Messages:
    939
    Likes Received:
    0
    Trophy Points:
    66
    Hi Guy's

    Any update on this ??
     
    #5 crazyaboutlinux, May 5, 2011
  6. cPanelTristan

    cPanelTristan Quality Assurance Analyst Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,606
    Likes Received:
    33
    Trophy Points:
    238
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    You may wish to hire a qualified system administrator who performs script development to help when you have security issues:

    Dev & Sys Admin Services « Application Catalog

    Such services also typically would help after an account has been exploited in fixing it.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #6 cPanelTristan, May 5, 2011
(You must log in or sign up to post here.)
Loading...
Similar Threads - Server Hacked Script
  1. kalexanakis

    Server hacked using pam_fprintd.so?

    kalexanakis, Jun 7, 2017, in forum: Security
    Replies:
    8
    Views:
    1,866
    Jcats
    Jun 23, 2017
  2. froi-manila

    Opening a mailing list returns Internal Server Error

    froi-manila, Apr 24, 2019 at 2:40 AM, in forum: E-mail Discussion
    Replies:
    3
    Views:
    122
    cPanelLauren
    Apr 25, 2019 at 9:11 AM
  3. Rodney Ford

    SMTP error from remote mail server after pipelined MAIL 550 5.7.1

    Rodney Ford, Apr 22, 2019 at 3:05 PM, in forum: E-mail Discussion
    Replies:
    3
    Views:
    203
    unigen
    Apr 25, 2019 at 12:24 AM
  4. John Ang

    Setup hostname and nameservers question

    John Ang, Apr 22, 2019 at 9:42 AM, in forum: Bind/DNS/Nameserver
    Replies:
    3
    Views:
    72
    cPanelLauren
    Apr 23, 2019 at 4:01 PM
  5. speckados

    Move backups to another server and remove backups

    speckados, Apr 22, 2019 at 2:32 AM, in forum: Data Protection
    Replies:
    5
    Views:
    90
    cPanelLauren
    Apr 24, 2019 at 12:00 PM

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice