server security is breached?

Discussion in 'Security' started by niceboy, Sep 6, 2013.

  1. niceboy

    niceboy Active Member

    Hi,

    One of my customer's sites was hacked due to an outdated theme. I found a PHP shell script.

    I copied it to one of my cPanel accounts hosted on the server, changed the MD5 password used in the script, and tried accessing it through a browser.

    Even though it would not allow me to see any contents in the /home or /root folders, I can browse to the /, /usr/bin/ and /bin folders through the script.

    Is there anything to worry about here? Please respond.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello :)

    It's difficult to speculate on exactly what data may have been accessible. I recommend consulting with a qualified system administrator if you are concerned that your server may have been compromised. Going forward, you may want to review your existing configuration in order to prevent this type of attack. While not yet intended for general use, the cPanel Security Advisor can help provide general tips on improving your system's security.

    Open source cPanel Security Advisor Addon

    Thank you.
     
  3. quizknows

    quizknows Well-Known Member

    This is perfectly normal; those areas have to be world-readable for Linux to function. Most likely it's just the one site you have to worry about; get them restored/patched and you should be all set. Some other recommendations going forward would be CloudLinux with CageFS and SecureLinks, and perhaps Atomicorp's or Trustwave's premium ModSecurity rule sets.
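
To tell the expected case described above (system directories readable by every account) apart from a real exposure, here is an added example, not part of the original thread, that reports what "other" users can do to system and private directories. The directory lists, function names and status labels are assumptions of this example, and it checks only classic mode bits, not ACLs or group permissions.

```python
import os
import stat

# Assumption: the system directories named in the thread, which every
# account must be able to read for Linux to function.
EXPECTED_WORLD_READABLE = ("/", "/bin", "/usr/bin")
BITS = (("r", stat.S_IROTH), ("w", stat.S_IWOTH), ("x", stat.S_IXOTH))


def other_access(path):
    """Return the r/w/x bits granted to 'other' users, e.g. 'r-x'."""
    mode = os.stat(path).st_mode
    return "".join(flag if mode & bit else "-" for flag, bit in BITS)


def audit(private_dirs, system_dirs=EXPECTED_WORLD_READABLE):
    """Classify each directory by what an unrelated account could do to it."""
    findings = []
    for path in system_dirs:
        bits = other_access(path)
        # Listing system directories is expected; write access is not.
        status = "REVIEW: world-writable" if "w" in bits else "expected"
        findings.append((path, bits, status))
    for path in private_dirs:
        bits = other_access(path)
        if "r" in bits or "w" in bits:
            status = "REVIEW: other accounts can list or modify"
        elif "x" in bits:
            status = "traverse-only"  # can pass through, cannot list contents
        else:
            status = "private"
        findings.append((path, bits, status))
    return findings


if __name__ == "__main__":
    # Treat /root and every directory under /home as private (assumption).
    homes = []
    if os.path.isdir("/home"):
        homes = [e.path for e in os.scandir("/home")
                 if e.is_dir(follow_symlinks=False)]
    for path, bits, status in audit(["/root"] + homes):
        print(f"{path:<24} other={bits}  {status}")
```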
     
  4. niceboy

    niceboy Active Member

    Thanks for the valuable suggestions.

    I did check all logs and scanned with LMD, rkhunter, and ClamAV and found nothing suspicious.

    It seems that it is a single compromised site. Unfortunately, I'm on an OpenVZ VPS and can't use CloudLinux.
     