server security is breached?

[niceboy]

Hi,

One of my customers site was hacked due to outdated theme. I found some php shell script.

I copied it to one of my cpanel account hosted on the server, changed the md5 password used in the script and tried accessing it thru browser.

Even though it could not allow to see any contents in /home or /root folder, I can browse to / , /usr/bin/ and /bin folders thru the script.

Is there any thing to worry here? Please respond..

 

[cPanelMichael]

Hello

It's difficult to speculate on exactly what data may have been accessible. I recommend consulting with a qualified system administrator if you are concerned that your server may have been compromised. Going forward, you may want to review your existing configuration in order to prevent this type of attack. While not yet intended for general use, the cPanel Security Advisor can help provide general tips on improving your system's security.

Open source cPanel Security Advisor Addon

Thank you.

 

[quizknows]

Hi,

One of my customers site was hacked due to outdated theme. I found some php shell script.

I copied it to one of my cpanel account hosted on the server, changed the md5 password used in the script and tried accessing it thru browser.

Even though it could not allow to see any contents in /home or /root folder, I can browse to / , /usr/bin/ and /bin folders thru the script.

Is there any thing to worry here? Please respond..

This is perfectly normal; those areas have to be world readable for linux to function. Most likely it's just the one site you have to worry about, get them restored/patched and you should be all set. Some other recommendations going forward would be cloudlinux with cagefs and securelinks, and perhaps atomicorp or tustwaves premium modsecurity rule sets.

 

[niceboy]

Thanks for valuable suggestions..

I did check all logs and scanned with lmd, rkhunter, clamav and found nothing suspicious.

Seems that it is a single compromised site. Unfortunately, I'm on a openvz vps and can't use cloudlinux.