Domain Redirecting To Another Cpanel Domain
Hello,
I have a VPS and running centOS.
One of my cPanel accounts was compromised by hackers recently.
I cleaned it since all the sites are WordPress, I used wordfence to clean them and deleted some.
Now, that same day it was hacked, I noticed one of my domain (1 out of the 7 domains in the cpanel account as addons) were redirecting to one of my cpanel account's primary domain.
What I mean is, I have 3 cpanel accounts.
1. for clients
2. for myself
3. for a friend
Now, a domain on my own cpanel account says domain.com when visited, it will redirects to domain.com on my client cpanel account.
Although the site was badly compromised.
I had a backup but didn't want to restore it. Instead, I deleted all files and remove the domain.
Today, I've added another domain on my cpanel account as addon says domain.com again... and when visiting the domain, it redirects to a domain in my client's cPanel account.
I'm scared if there was a setting the hacker did to my cpanel account.
Both my cpanel and whm are 2FA enabled.
Please, advise what to do.
thanks.
-
Hey there! It definitely sounds like the account could still be compromised in some way. It's impossible for us to say what the issue could be in this case, but redirects can be set up in the .htaccess, in the Apache configuration (through a parked domain, for example) or directly in a database if you are using tools like WordPress. It seems a more thorough review of that server will be necessary to ensure it is cleaned and safe. 0 -
Okay! What then should I do to ensure you have access to check? It's a WordPress site and it was hosted in Interserver before and working fine. But I recently imported the site content from Interserver hosting to my vps. It was working fine. How can I provide login details? Knowing that I'm using 2FA? 0 -
If you'd like our team to check the server you would need to submit a ticket, as we can't access servers through the forum. It's important to note though that our team does not offer a security scanning service - if you would like that to happen it would be best to work with your host or a third-party administrator here: 0 -
Hel If you'd like our team to check the server you would need to submit a ticket, as we can't access servers through the forum. It's important to note though that our team does not offer a security scanning service - if you would like that to happen it would be best to work with your host or a third-party administrator here:
0 -
That notification is just letting you know the dovecot service, which is part of the email on the server, accessed the cPanel account since you logged in to Webmail, so that is totally normal behavior. 0
Please sign in to leave a comment.
Comments
5 comments