Step by step, how do I change my cPanel Ftp passwords and mysql

[butter99]

I need a Step by step on how to change my cPanel Ftp passwords and mysql? And ideas on anything else to change would be good because a hacker changed all my index.php files on like 100 websites.

I got hacked a few days ago and really need to change this info. Im hoping this would prevent him from getting in and abusing my sites any further. He already changed the index.php to use as his own advert.

I found this http://forums.cpanel.net/f34/change-all-user-cpanel-password-198772.html
but not being a programmer, where do I place the "scripts" code to do what is says to do? Do I create a file? Do I go to phpmyadmin? How is it done?

Also, is there any way to get the original index.php file back? Or, since he changed it, is it gone forever? I did not back up all my sites, so I may just be outa luck for that part. At least many are wp sites, so its not complicated.

Steps would be fantastic

 

[cPanelMichael]

Hello

Was root access obtained on the server or was it isolated to individual accounts? Please keep in mind that if your server was rooted, it's recommended to reinstall the OS/cPanel and restore your accounts from backup. I highly advise consulting with a qualified system administrator if you are unsure how this happened, as changing the passwords is not really going to prevent it from happening again.

Thank you.

 

[butter99]

hm, ok.

I really wouldnt know if they accessed my root or just accounts.

My cpanel is with hostgator, they told me they could clean it up, but without changing "the passwords" there would be no guarantee that they wouldnt access again and inject code. So I updated all my wordpress sites and plugins and now want to bulk change all my ftp pass and mysql pass and hope that will come closest to eliminating their access. Then I may pay hostgator their fee of $75 so they can "clean up the code" etc.

If you've got any suggestions for this situation, please advise. I know this happens to tons of people and their must be some procedure for reducing future hacks.

ideas? change passwords? Which passwords? How?

 

[mageshm]

@ butter99,

You are having dedicated server or VPS ?

It seem's that you don't know how its happened and root causes of issues.

So better, do what cPanelMichael advised.

Cpanel recomanded server managment company list is there in cpanel site itself but i don't know the exact link, find it for better solution.

 

[cPanelMichael]

You can find a list of system administration companies should you decide to seek assistance at:

cPanel Application Catalog - System Admin Services

Thank you.

 

[butter99]

my hostgator cpanel is simply business shared hosting. So I wouldnt think they obtained root access, but I guess I wouldnt know.

Would a professional know how he accessed? Or is it impossible to know?

If I pay hostgator $75 for "clean up", do you think theyll do a better job than a company or not?

 

[cPanelMichael]

I would ask for more information and details about what exact steps they would take. Again, it's likely a better idea to reinstall the OS/cPanel and restore your accounts from backup if your server was rooted.

Thank you.

 

[butter99]

I would ask for more information and details about what exact steps they would take. Again, it's likely a better idea to reinstall the OS/cPanel and restore your accounts from backup if your server was rooted.

Thank you.

Yes, I agree about just reinstalling the backup, but the hack occured right in the middle of 10 sites we were building, plus I think code had been injected at some earlier point as well. So who knows where to restore at, plus id lose a bunch of sites, I would imagine.

Hostgator said, change my mysql pass and ftp pass, but they didnt explain how to do it. Would I have to do that manually with my business shared hosting account? Or, maybe the script would work?

 

[cPanelMichael]

Again, I really suggest consulting with a qualified system administrator. Simply changing the passwords is not going to do anything but temporarily patch an issue that could happen again if you do not investigate how it happened.

Thank you.

 

[georgeb]

Would a professional know how he accessed? Or is it impossible to know?

Yes, but if you are in a shared environment only Hostgator or whatever your provider is, will know exactly what happened consulting the logs of the server.

If I pay hostgator $75 for "clean up", do you think theyll do a better job than a company or not?

Again you don't have to pay $75 because you are not in control of the server or of the security policy, the provider is the one responsible with the security of the server. If you pay that amount probably you have extra money to spend.

So gain you have to contact Hostgator support to clean up the mess, they are in control of the server where you are hosted. Simple no?

 

[butter99]

Well, hostgator has given me tips, but will not clean my server hacker codes until I pay them $75.

They did finally say that it would be best to change all FTP and mysql passwords. This is what Ive been wanting to do all along, but nobody has given me any beginner help on how to do so. I found these scripts to "bulk change the passwords", but I dont know where to add the codes or run them---> http://forums.cpanel.net/f34/change-all-user-cpanel-password-198772.html

This is the script to bulk change all ftp and or mysql pass-->

1. take all usernames in one file------>
ls -la /home | awk '{print $3}' | grep -v root | grep -v wheel | grep -v cpanel | grep -v apache >> list.txt

2. change all passwords randomly----->
#!/bin/bash
str0="$$"
for i in `more users.txt `
do
POS=2
LEN=8 # Make password 8 characters.
str1=$( echo "$str0" | md5sum | md5sum )
randstring="${str1:$POS:$LEN}"
let str0=str0+5
echo "$i $randstring" >> newpass.txt
/usr/local/cpanel/scripts/realchpass $i $randstring
/scripts/ftpupdate
done


HOW do I run these scripts? Anybody? Im a beginner when it comes to this stuff. I need to add it to my "business shared hosting at hostgators cpanel". How?

 

[butter99]

well, I never figured out how to use this script to change all my ftp pass and mySQL pass, so I just changed them all manually. DONE

If someone wants to explain, that would be great for next time someone hacks a hostgator shared hosting account.