Web sites compromised

Discussion in 'Security' started by XyBoRg, Jun 25, 2013.

  1. XyBoRg

    XyBoRg Member

    Hello,
    I need some suggestions on a problem that I have on my website. On my website I have installed WHMCS and other sites written in PHP. Some hacker is accessing the MySQL database and is making changes to the database. A while ago I was checking my account directories and found that he has even been able to upload files and directories inside public_html.

    The hacker does not have access information to my hosting account. I think he's exploiting a PHP vulnerability. But I cannot determine where that vulnerability is.

    Any suggestions on how the hacker uploads files and directories, and reads information from configuration.php, getting the password to the MySQL database and modifying it?

    Thank you, buddies.

    PS: Sorry for my bad English... I speak Spanish.
     
  2. 24x7server

    24x7server Well-Known Member

    Hello,

    Please check your server security with the following steps:

    1) Change all your passwords (cPanel, FTP, and your WHMCS admin and staff user passwords).

    2) Install mod_sec on your server with the correct rule set.

    3) Disable the risky PHP functions on your server through the php.ini file.

    4) Install Linux Malware Detect (LMD) on your server and remove all the infected files which you will get in the LMD scan report.
    Linux Malware Detect | R-fx Networks

    5) Check your account files and delete the unwanted and suspicious files which are not required for our account.
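
Step 3 of the list above, as an added example that is not part of the original post: a POSIX shell check that reads a php.ini and reports which shell-execution functions are still enabled. The `RISKY` list and the helper names are assumptions chosen for illustration, and the script treats the last uncommented `disable_functions` line in the file as the effective one.

```shell
#!/bin/sh
# Added example: audit a php.ini for command-execution functions left enabled.
# RISKY is an assumed baseline list, not one given in the thread.
RISKY="exec passthru shell_exec system proc_open popen"

# Print the disable_functions value as a space-separated list.
# Commented-out lines (starting with ';') are ignored; the last
# uncommented assignment in the file is the one used.
disabled_functions() {
    sed -n 's/^[[:space:]]*disable_functions[[:space:]]*=[[:space:]]*//p' "$1" |
        tail -n 1 |
        sed 's/;.*//' |      # drop a trailing inline comment
        tr -d "\"'" |        # drop optional quotes around the value
        tr ',' ' '
}

# Print each function from RISKY that the given php.ini does not disable.
enabled_risky() {
    disabled=" $(disabled_functions "$1" | tr -s '[:space:]' ' ') "
    for fn in $RISKY; do
        case "$disabled" in
            *" $fn "*) ;;                 # already disabled
            *) printf '%s\n' "$fn" ;;     # still callable from PHP scripts
        esac
    done
}

# Constructed sample php.ini, for demonstration only.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[PHP]
; disable_functions = exec,system
disable_functions = "exec, passthru,shell_exec"  ; constructed sample line
EOF
echo "Still enabled: $(enabled_risky "$sample" | tr '\n' ' ')"
rm -f "$sample"
```

On a real server, pass the path of the loaded configuration file reported by `php --ini` to `enabled_risky`.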
     
  3. XyBoRg

    Hello, thanks for your help. I scanned the directories with Maldet and detected some malicious files.
     
    #3 XyBoRg, Jun 26, 2013
    Last edited: Jun 26, 2013
  4. XyBoRg

    MALDET detected this file in one of my directories. I've been looking and I've noticed that it has a lot of tools programmed to hack a website.

    The question now is... how could the hacker upload that file without having the username and password of cPanel?
     
    #4 XyBoRg, Jun 26, 2013
    Last edited by a moderator: Jun 26, 2013
  5. cPanelJared

    cPanelJared Technical Analyst
    Staff Member

    Please do not upload hack script files to the forum.

    There are many ways that a hacker can use remote code execution vulnerabilities in poorly coded scripts to upload and execute code on your server. You really need the assistance of a qualified security administrator to audit the scripts on your site for such vulnerabilities and help you fix them.
     
  6. XyBoRg

    Sorry for the file...

    How can I disallow uploads for only one user? I do not need to upload any files and I can deactivate that feature for that cPanel user.

    Is the above a good idea?

    Could you recommend me a good security administrator?

    Best Regards.
     
  7. cPanelJared

    We cannot recommend or endorse any particular server administration company, but we have a list of companies that offer this type of service in our application catalog:

    Sys Admin Services | cPanel App Catalog
     