
login page hacked

Comments

4 comments

  • Infopro
    If you suspect your server's been hacked, you should hire a professional to assist you with it. You can find that sort of thing on the cPanel AppCat, here: cPanel App Catalog (http://applications.cpanel.net/). Good luck with this.
    0
  • 24x7server
    You need to scan the complete server as a first priority; also, please see if there are any root symlinks available. This kind of attack generally occurs when root-level hacking has occurred. I would suggest you have a look at the security checklist below that you should perform:
    ==================================
    CSF hardening
    Installing Mod-Security with Advanced Rules
    Installing Clamav Anti Virus
    Installing Maldet
    Installing LSM
    Installing PRM
    Lockdown & Hardening the Root Password
    Secure SSHD Port
    sysctl.conf Hardening
    host.conf Hardening
    Network Security with hosts.allow & hosts.deny
    nsswitch.conf Hardening
    Enable DDOS Protection
    Root Login Email Notifications
    Noexec, Nosuid Temporary Directories (noexec Directories such as /tmp, /var/tmp, /dev/shm)
    Security Updates as released by OS and/or Control Panel
    Disable Unwanted Services
    Enable PHP Open_Basedir Protection
    Enable mod_userdir Protection
    Securing Console Access
    PHP5 Hardening with disabling php functions.
    Configuring Anti-Spam Features to Reduce Spam
    ==================================
    Also, you can have a look at an ASL kind of tool, which is very effective against hacking.
    0
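As an added example (not part of the post above, and not cPanel's own tooling), this shell function checks the "Noexec, Nosuid Temporary Directories" item from the checklist against a mount table in /proc/mounts format. The function name and the sample table are constructed for illustration.

```bash
#!/usr/bin/env bash
# Audit noexec/nosuid on the temporary directories named in the checklist.
# Input: a file in /proc/mounts format (device mountpoint fstype options dump pass).
# Returns the number of directories that fail the check.

audit_tmp_mounts() {
    local mounts_file="${1:-/proc/mounts}"
    local dir opts missing flag failures=0
    for dir in /tmp /var/tmp /dev/shm; do
        # The last matching line wins: a later mount shadows an earlier one.
        opts=$(awk -v d="$dir" '$2 == d { o = $4 } END { print o }' "$mounts_file")
        if [ -z "$opts" ]; then
            echo "FAIL $dir: not a separate mount, inherits options of its parent filesystem"
            failures=$((failures + 1))
            continue
        fi
        missing=""
        for flag in noexec nosuid; do
            # Wrap in commas so "noexec" only matches a whole option.
            case ",$opts," in
                *",$flag,"*) ;;
                *) missing="$missing $flag" ;;
            esac
        done
        if [ -n "$missing" ]; then
            echo "FAIL $dir: missing$missing"
            failures=$((failures + 1))
        else
            echo "OK   $dir: $opts"
        fi
    done
    return "$failures"
}

# Constructed sample mount table (not taken from a real server).
SAMPLE_MOUNTS=$(mktemp)
cat > "$SAMPLE_MOUNTS" <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/loop0 /tmp ext4 rw,nosuid,noexec,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
EOF

audit_tmp_mounts "$SAMPLE_MOUNTS" || echo "$? of 3 temporary directories need attention"
```

Called with no argument, `audit_tmp_mounts` reads the live /proc/mounts instead of the sample file.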
  • m0rpheu5
    I got hacked too. All my clients got blocked by cPanel, and the suspend page was modified. OK, I unsuspended everybody, but the /cpanel, /whm and /webmail pages redirect to a hacked page. How can I fix this? Thanks
    0
  • quizknows
    There's a "Template editor" in WHM. This is so root and/or resellers can edit pages like the suspended page, etc. If these were edited for root's templates (accounts owned by root and not a reseller), then your server is OWNED (rooted). You need to have your data center re-install the operating system and recover your users' data from backups, hopefully after you figure out how you got rooted. If you have WHMCS, I'd be looking there; otherwise your root password was weak or stolen, or you had an outdated kernel that allowed privilege escalation.
    0
