login page hacked
Some of the accounts in our WHM have been attacked; now the cPanel page has a hack page. We can't find anywhere that this is. How can we resolve this issue, please? Webmail has the same issue.
- Link Removed -
Thanks!
Adam
If you suspect your server's been hacked, you should hire a professional to assist you with it. You can find that sort of thing on the cPanel AppCat, here: cPanel App Catalog (http://applications.cpanel.net/). Good luck with this.
You need to scan the complete server as a first priority; also, please see if there are any root symlinks available. This kind of attack generally occurs when root-level hacking has occurred. I would suggest you have a look at the security checklist below that you should perform:
==================================
CSF hardening
Installing Mod-Security with Advanced Rules
Installing Clamav Anti Virus
Installing Maldet
Installing LSM
Installing PRM
Lockdown & Hardening the Root Password
Secure SSHD Port
sysctl.conf Hardening
host.conf Hardening
Network Security with hosts.allow & hosts.deny
nsswitch.conf Hardening
Enable DDOS Protection
Root Login Email Notifications
Noexec, Nosuid Temporary Directories (noexec Directories such as /tmp, /var/tmp, /dev/shm)
Security Updates as released by OS and/or Control Panel
Disable Unwanted Services
Enable PHP Open_Basedir Protection
Enable mod_userdir Protection
Securing Console Access
PHP5 Hardening with disabling php functions.
Configuring Anti-Spam Features to Reduce Spam
==================================
Also, you can have a look at an ASL kind of tool, which is very effective against hacking.
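One way to run the root-symlink check mentioned in the reply above, as an added example that is not part of the original thread: it lists symlinks inside each hosting account that resolve outside that account's own home directory. It assumes accounts are direct subdirectories of the base directory you pass (for example /home) and that GNU `readlink -f` is available; the function name `find_escaping_symlinks` is chosen here for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): report symlinks under each account's
# home directory whose resolved target lies outside that home directory.
# Assumptions: accounts are direct subdirectories of the base directory,
# and readlink supports -f (GNU coreutils or busybox).

find_escaping_symlinks() {
    # Canonicalise the base so prefix comparisons are reliable.
    base=$(readlink -f -- "$1") || return 1
    for home in "$base"/*/; do
        [ -d "$home" ] || continue
        home=${home%/}
        # -xdev: stay on this filesystem; -type l: symlinks only.
        find "$home" -xdev -type l -exec sh -c '
            home=$1; shift
            for link in "$@"; do
                # Dangling or looping links cannot be resolved; report them too.
                target=$(readlink -f -- "$link" 2>/dev/null) || target="(unresolvable)"
                case $target in
                    "$home"|"$home"/*) ;;   # stays inside the account
                    *) printf "%s -> %s\n" "$link" "$target" ;;
                esac
            done' sh "$home" {} +
    done
}

# Usage on a server (read-only, run as root): find_escaping_symlinks /home
```

Every line of output is a link worth reviewing by hand; legitimate links to shared directories will also appear, so treat the list as leads rather than verdicts.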
I got hacked too. All my clients got blocked by cPanel, and the suspend page was modified. OK, I unsuspended everybody, but the /cpanel, /whm and /webmail pages redirect to a hacked page. How can I fix this? Thanks
There's a "Template editor" in WHM. This is so root and/or resellers can edit pages like the suspended page, etc. If these were edited for root's templates (accounts owned by root and not a reseller), then your server is OWNED (rooted). You need to have your data center re-install the operating system and recover your users' data from backups, hopefully after you figure out how you got rooted. If you have WHMCS, I'd be looking there; otherwise your root password was weak or stolen, or you had an outdated kernel that allowed privilege escalation.