The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Website hacked?

Discussion in 'General Discussion' started by xtronica, Jan 8, 2015.

  1. xtronica

    xtronica Member

    Joined:
    Jan 23, 2014
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    My server with whm was hacked!
    Has anyone any idea how to solve without losing the Bills?

    all sites of my server go to an account of the [removed]
    When you type the server ip pops up the following information! See image:
    nulled.png



    Can somebody help me?

    Thank you
     
    #1 xtronica, Jan 8, 2015
    Last edited by a moderator: Jan 8, 2015
  2. 24x7ss

    24x7ss Well-Known Member

    Joined:
    Sep 30, 2014
    Messages:
    271
    Likes Received:
    16
    Trophy Points:
    18
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Twitter:
    You have to investigate this issue is your server root compromised or somebody hacked one account and placed hacked pages on all account by linking all accounts config file. You have to close the backdoor from where the hacker entered to server or you have to contact system administrator to investigate the issue.
     
  3. xtronica

    xtronica Member

    Joined:
    Jan 23, 2014
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    The main problem is that all sites on the server addresses are translated to addresses from the "adf" to the address (a d f l y/v D i Y 2)
    and I can't find where it might be the error!
    I've seen and updated the dns ips I saw all server configs and rebuild all the places (the index had been changed)
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,674
    Likes Received:
    647
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    It's difficult to pinpoint the specific vulnerability or exploit used by an attacker to hack your websites. One could speculate on common methods (e.g. symlink attack), but it really requires a qualified system administrator to investigate the logs on your server and determine the source of the attack. There is a thread here where a similar question is asked:

    Log Files To Check After Account Hacked

    Thank you.
     
  5. whipworks

    whipworks Well-Known Member

    Joined:
    Aug 19, 2014
    Messages:
    105
    Likes Received:
    1
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    Hey guys. I'm currently experiencing the same problem. Some accounts on the server got hacked. Hacker added a page on the site to make it look legit. Then weird part is, a certain webscanner.com site emailed us about the hacked and wants us to go to their site to fix it. Sounds fishy.

    In any case, the easy fix I see is just remove the page the hacker added. I've also read the link that CPMichael added on top. Will try to check that if I can. But I guess I'm more interested on how to prevent these hacks on our server. Coz it looks like it hacked our server and just randomly targeted websites. It's not like it just hacked one site. Any input on this would be appreciated. Thanks! :)
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,674
    Likes Received:
    647
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    You may want to consult with a qualified system administrator to investigate the logs on your server and determine the source of the attack. The link I provided, and the "Security Advisor" are useful methods of reviewing logs and securing your server, but it's not a replacement for an actual investigation by a qualified security specialist.

    Thank you.
     
  7. whipworks

    whipworks Well-Known Member

    Joined:
    Aug 19, 2014
    Messages:
    105
    Likes Received:
    1
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    Is there anything on the WHM interface where we can check the logs? Or does that have to be like an SSH access with Linux commands involved?
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,674
    Likes Received:
    647
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  9. whipworks

    whipworks Well-Known Member

    Joined:
    Aug 19, 2014
    Messages:
    105
    Likes Received:
    1
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    Is root access the highest? Because I tried to SSH on the server with root, but it won't allow me to run the commands. Access denied.
     
  10. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,674
    Likes Received:
    647
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Are you sure you attempted to review the log files with a command such as "grep" or "cat" and didn't simply enter the log file in the command line? Have you used the command-line environment in the past?

    Thank you.
     
Loading...

Share This Page