The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Webpage cracked with ftp cracker

Discussion in 'Security' started by samuelmf, Aug 27, 2010.

  1. samuelmf

    samuelmf Well-Known Member

    Joined:
    May 22, 2006
    Messages:
    80
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Perú
    Hi one of the webs of a client on my sever was hacked with this script: /http://www.ghostng.com/images/serte.php
    What can i do in the WHM config to avoid that kind of hacking attempts?

    Ty so much!
     
  2. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    Joined:
    Nov 5, 2008
    Messages:
    2,557
    Likes Received:
    7
    Trophy Points:
    38
    Location:
    Houston, Texas, U.S.A.
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    Are you saying an FTP user's password was "cracked" (such as by a brute-force attempt to guess the FTP user's password)?

    I would consider ensuring that cPHulk is enabled and or adjust its configuration via the Security Center in WebHost Manager; you may also use WHM to increase the default required password strength that is enforced both for new FTP accounts and when cPanel users modify their existing account password(s).

    Reference menu paths and documentation:
     
  3. samuelmf

    samuelmf Well-Known Member

    Joined:
    May 22, 2006
    Messages:
    80
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Perú
    I had the Cphulk disabled

    Hi, thanks for reply, when i enable cphulk this message appears on the screen:

    Warning: VerifyReverseMapping was detected as being enabled for SSHD which causes problems with whitelisting IPs for cPHulkd. VerifyReverseMapping has been set to "no" to prevent issues.

    For this change to take effect, please Restart SSHD at your nearest convenience.



    I have installed on my server the Configserver Firewall Script
     
  4. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    Joined:
    Nov 5, 2008
    Messages:
    2,557
    Likes Received:
    7
    Trophy Points:
    38
    Location:
    Houston, Texas, U.S.A.
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    It is normal for cPHulk to first check for SSHd configuration directives that might conflict. To restart SSHd, please try the following area in WebHost Manager: WHM: Main >> Restart Services

    I believe it may be OK to run both cPHulk and CSF.
     
  5. samuelmf

    samuelmf Well-Known Member

    Joined:
    May 22, 2006
    Messages:
    80
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Perú
    Service restarted

    Thx, the service was restarted and cphulk, csf and sshd are running well!
     
  6. samuelmf

    samuelmf Well-Known Member

    Joined:
    May 22, 2006
    Messages:
    80
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Perú
    Files that the hacker have used

    I will upload the files that the hacker have left on the hacked page.
    -removed by Infopro-

    There are the files the hacker left on my site, if someone have knowings about programing and linux at expert level could analyse to help other prevent that kind of hackings.

    If the files are risky please let me know, to delete them!

    Ty
     
    #6 samuelmf, Aug 28, 2010
    Last edited by a moderator: Aug 28, 2010
Loading...
Similar Threads - Webpage cracked ftp
  1. RisenAngel
    Replies:
    6
    Views:
    814

Share This Page