The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

URGENT:my server hacked by a hacker! plz help me

Discussion in 'General Discussion' started by 4402734, Jun 22, 2006.

  1. 4402734

    4402734 Active Member

    Joined:
    Sep 20, 2005
    Messages:
    42
    Likes Received:
    0
    Trophy Points:
    6
    Hello,
    Some one hacked my server and inserted a file in one of the hosts . this file called "fantic.php" that hacker can view entire hosts`s files and can edit writable files on server and can view files`s contents...
    i tried to enable "open_basedir protection" and this action, disabled the "fantic.php" file operation on other hosts, but i saw this hacker activate on my server again, when i traced , i saw that she/he is using http://serversharedip/~hostuser/ link to public access "fantic.php" file and at this way, open_basedir dosn`t work and so this hacker can have access to other hosts.
    i tried to enable "mod_userdir Protection" , and anything was ok, but after restarting apache, automatrically "mod_userdir Protection" disabled and didn`t work. i tried to enable it again, but , it didn`t enable ....
    now i don`t know what to do, please, help me!

    I do apologize because of my bad english

    Thanks
    Abolfazl
     
  2. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    Joined:
    May 29, 2004
    Messages:
    2,222
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Minneapolis, MN
    The first thing you need to do is cleaning up your server. Remove all the scripts the hacker downloaded and installed on your server. Second, secure your server. Search these forums as there are many threads discussing server security. If you don't know, hire a sys admin to take care of this problem for you.
     
  3. jsnape

    jsnape Well-Known Member

    Joined:
    Mar 11, 2002
    Messages:
    174
    Likes Received:
    0
    Trophy Points:
    16
    Looks like that one is a renamed php shell script, and is uploaded to a few abandoned photo galleries.
     
Loading...

Share This Page