The Community Forums


WHM/cPanel Hacked

Discussion in 'Security' started by fernandosouza, Jan 15, 2012.

  1. fernandosouza

    fernandosouza Member

    Hi

    Sorry for my bad English.

    I logged in to WHM (via root) and got this message:

    Code:
    !!! Hacked By pSyCh0_3D & s-man!!!
    
    Moslem Arfaoui & Sami Fakhfakh
    
    Tunisien Hackers
    
    What`s Up , What`s up ?
    
    S0rry the end is here !
    
    I dan't delete anything from your site i just change your index to set up this video
    
    This is not comedian or not action movies this is a reality
    
    welcome to reality visitor
    
    I am not afraid at all that enter the jail to a noble cause
    
    Moslem Arfaoui pSyCh0_3D was here
    
    Tunisien And Muslim Hacker
    
    
    
    Thankz's to:|BLACK.JaGuAr|Th3 MMA|Fontom|CONGRESS|kinG oF coNTroL|Ace|e.V.E.L|X-Majid|aBu.HaliL501|
    Soon after this, no site will open. I checked and apparently "Mecha" in Apache and changed something; NO site / link opens. Only cPanel / WHM.

    I tried to restart httpd via cPanel: error ...
    I tried to recompile (EasyApache): error

    I have also run upgrades and nothing happens.

    Apache restart error
    Code:
    Apache restart failed. Unable to load pid from pid file and no httpd process found in process list.
    
    If apache restart reported success but it failed soon after, it may be caused by oddities with mod_ssl.
    
    You should run /usr/local/cpanel/scripts/ssl_crt_status as part of your troubleshooting process. Pass it --help for more details.
    
    Also be sure to examine apache's various log files.
    Apache Restart Output:
    
    Log:
    Can anyone help me? Do I reinstall Apache?
     
    #1 fernandosouza, Jan 15, 2012
    Last edited: Jan 15, 2012
  2. Jay M

    Jay M Active Member
    PartnerNOC

    It's about time to re-provision it, I'm afraid... No point trying to recover it if you're rooted.
     
  3. fernandosouza

    fernandosouza Member

    :confused::confused:

    I did not understand anything.

    What do I do? Reinstall Apache? Do I have to do a FULL backup (accounts, MySQL, etc.) and then restore it in cPanel after I reinstall?
     
  4. faisikhan

    faisikhan Well-Known Member

    Hey

    Did you contact your hosting company immediately about this? There can be several causes of such hacks. Please take backups of all the accounts and disable them now. Change all the passwords, including FTP, MySQL and root of the server, install or update a strong firewall, and scan your accounts with an anti-virus. Such hacks can be caused by older versions of Java, Joomla or other plugins, so you will have to update them if you have any. It would also be good to open a ticket with cPanel; their support will also assist you.
     
  5. fernandosouza

    fernandosouza Member

    Hello

    Thanks, I changed the passwords, etc. And I told the hosting company. But what do I do now to open the sites again? I opened a ticket with cPanel; they said they cannot solve the problems and told me to hire an analyst.

    AFF

    Since the problem is the cPanel
     
  6. cPanelJared

    cPanelJared Technical Analyst
    Staff Member

    We do not provide assistance with cleaning up compromised or hacked servers. If you submit a ticket, we will look at the server to determine if the problem happened as a result of a vulnerability in cPanel, but that is the extent of our support for server compromises. You will need to hire a qualified server administrator to clean up your server. We maintain a list of companies that offer server administration services in our application catalog:

    Application Catalog

    If the server was compromised at the root level, the only sure way to eliminate the compromise is to reformat the hard drive, reinstall the operating system and cPanel, and restore your accounts from clean backups that were made before the compromise happened. This is another reason why it is important to have a backup regimen in place, and to test the backups regularly, before a problem happens.

    If you have a server that appears to be compromised, please submit a ticket, and we will investigate it. However, the extent of our investigation is only to determine if a problem in cPanel allowed the compromise to happen. We cannot help you clean your server.

    If you have already submitted a ticket on this subject, please give me the ticket number and I would be happy to follow up on it.
     
  7. fernandosouza

    fernandosouza Member

    Hello,

    I have sent a ticket and they did not notify me of anything! The number is 2115306

    How do I format the drive? I cannot format and lose data (accounts, etc.). How do I do a FULL backup of all accounts so that I can restore them after reinstalling CentOS / cPanel / drive?

    Now I'm not able to create accounts. "Unable to create account (username of account)"
     
  8. cPanelJared

    cPanelJared Technical Analyst
    Staff Member

    We have been waiting for you to accept the agreement that was mentioned in the ticket. I see that you have just now accepted the agreement, so an analyst will investigate the compromise with the purpose of discovering if anything in cPanel allowed it to happen.

    Please monitor the ticket for updates.

    If the server is root-level compromised, you will need to reformat the hard drive and reinstall the operating system. Unfortunately, this does mean reformatting over data. This situation is why it is important to make backups regularly, and test them, before a bad situation happens. If you make backups now, there is a very good chance that you will back up a vulnerability that allowed the compromise to happen, and then when you restore the backups, you will also restore that vulnerability.

    An analyst is looking at your ticket now and will update you in the ticket as soon as possible.
     