Skip to main content

CSF, cpHulk, all kind of security, and I get hacked.

Comments

8 comments

  • georgeb
    CSF has nothing to do with this kind of hack, you have to control anything that is uploaded to your server, control who is using SSH etc. Many things...If you believe that just installing CSF you are safe, you are wrong, CSF is great but you have to control any file that is uploaded to your server. You can use CXS (with Mod Security) from Config Server, or your own scripts, elaborate security inside your server, control who is connected via SSH etc, check logs, inform you when any other is connected root via SSH. There are many things to check, not just wait until the hacker is inside your server. Many things to do...If you don't know to do those things it is better to hire somebody who knows, like this you'll save a lot of money not been hacked.... Regards
    0
  • quizknows
    Most of the time hackers get in through an outdated website, often joomla or wordpress with old plugins. If they are able to erase root-owned logs, then it is very likely your kernel was old and let an exploit on one hacked site escalate to root priveleges. At this point you need to have your host make a new server with a clean operating system, new kernel, and new root password, and then migrate all of your users to that server. The sites should be scanned for malware by a professional, ideally prior to moving the to the new server.
    0
  • 24x7server
    Basically hacker are using shell scripts to excite any perl scripts on server so you will have to scan your all websites for the shell scripts, You can find out shell scripts through maldet (LMD) scan. Also install [url=http://applications.cpanel.net/configserver-exploit-scanner-cxs/]ConfigServer eXploit Scanner and mod_Security on your server
    0
  • Easylife
    maybe your computer system has its own problem, and hacker stolen all these files by vicious code,so I suggest that you should reinstall the system.
    0
  • cPanelMichael
    Hello :) It's a good idea to consult with a qualified system administrator if your server has been rooted. Going forward, the cPanel Security Advisor Addon may be useful for helping you to determine which options you can enable on your system to improve security: cPanel Security Advisor Addon Thank you.
    0
  • nourjabi
    thanks everyone for your info, i will look into it. and report if any succed:)
    0
  • nourjabi
    I have worked out few CSF modifications, and ran CSF Security test, and fixed many holes here and there, and seems everything is smooth and all those IPs trying to hack into the server are blocked. :) thanks everyone
    0
  • inthukha
    Well, i m still suggest you to run clamd, LMD, rootkit hunter as well for detecting exploits. because if they change the logs it means they can do anything if their exploit existing in the system.
    0

Please sign in to leave a comment.