The Community Forums


symbolic attack whm

Discussion in 'Security' started by romanepo, Oct 27, 2013.

  1. romanepo

    romanepo Active Member

    Joined:
    Sep 24, 2013
    Messages:
    25
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi,
    I installed a new CentOS and WHM server. After restoring the backup I see all my websites hacked step by step. How do I stop the symbolic race attack on WHM and protect my WHM server? Please, I need an urgent solution.

    Thank You
    Roman E
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,448
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Someone else may have a better solution, but I would suggest you reload that server again from the top, and secure it. And then take a closer look at that backup before attempting to restore it.
     
  3. 24x7server

    24x7server Well-Known Member

    Joined:
    Apr 17, 2013
    Messages:
    1,146
    Likes Received:
    34
    Trophy Points:
    48
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Yes, I would also suggest that you secure your server before restoring your account. Also scan your full server and please see if there are any root symlinks available. This kind of attack generally occurs when root-level hacking has occurred. I would suggest you have a look at the security checklist below that you should perform:

    ==================================
    Install CSF
    Install Mod-Security with Advanced Rules
    Install ClamAV Anti Virus
    Install Maldet and scan your full server
    Install LSM
    Install PRM
    Lockdown & Hardening the Root Password
    Secure SSHD Port
    sysctl.conf Hardening
    host.conf Hardening
    Network Security with hosts.allow & hosts.deny
    nsswitch.conf Hardening
    Enable DDOS Protection
    Root Login Email Notifications
    Noexec, Nosuid Temporary Directories (noexec Directories such as /tmp, /var/tmp, /dev/shm)
    Security Updates as released by OS and/or Control Panel
    Disable Unwanted Services
    Enable PHP Open_Basedir Protection
    Enable mod_userdir Protection
    Securing Console Access
    PHP5 Hardening by disabling PHP functions.
    Configuring Anti-Spam Features to Reduce Spam
    ==================================
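
The "see if there are any root symlinks" check suggested in the post above, as an added example that is not part of the original thread. It goes one step further and also flags links that resolve into a different account's home. The `<homes>/<account>/...` layout, the function name `scan_symlinks` and the `ROOT`/`CROSS` labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): read-only scan for symlinks under a
# homes directory that resolve to "/" or into a different account's home.
# Assumes a <homes>/<account>/... layout and GNU find/readlink (CentOS).
# Paths containing newlines are not handled.

scan_symlinks() (
    homes=$(readlink -f -- "${1:-/home}") || exit 1
    find "$homes" -mindepth 2 -type l 2>/dev/null |
    while IFS= read -r link; do
        # The account is the first path component below the homes directory.
        account=${link#"$homes"/}
        account=${account%%/*}
        own="$homes/$account"
        # Resolve the link fully; skip it if the chain cannot be resolved.
        target=$(readlink -f -- "$link") || continue
        case "$target" in
            /)                   printf 'ROOT\t%s\t%s\n' "$link" "$target" ;;
            "$own"|"$own"/*)     ;;  # stays inside the owner's own home
            "$homes"|"$homes"/*) printf 'CROSS\t%s\t%s\n' "$link" "$target" ;;
        esac
    done
)

# Run as: sh scan_symlinks.sh /home   (prints KIND, link path, resolved target)
if [ "$#" -gt 0 ]; then
    scan_symlinks "$1"
fi
```

Each output line is tab-separated: the kind of finding, the path of the link, and the fully resolved target. Links that resolve outside the homes directory to anything other than `/` are not reported by this example.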
     
