My account hacked

rag_gupta

• October 27, 2013 02:09

My CPanel/WHM account(two) have been hacked using some Cpanel vulnerability ... I think. To reduce risk of attack I'm maintaining Joomla sites in different account. In one account home directory a dasher.php was placed. While in other LICESNE.php was placed. I've attached the original access_log which is encrypted with passwd. The attack has come from IP : 199.115.117.242 You can see that an infection dasher.php was uploaded. I've changed the login name, server name and the ip address in this log file Can you please tell me what could be the vulnerability?

• 

  Infopro

  • October 27, 2013 12:13

  I've removed the attachment from your post. There's no need for that here. You might do better to take a closer look at your Joomla install and whatever plugins you're using to make sure it's all fully up to date. If you require assistance in doing so, you might want to hire someone from the cPanel AppCat: [url=http://applications.cpanel.net]cPanel App Catalog Good luck with this.

  0
• 

  24x7server

  • October 27, 2013 13:13

  Hello, Install LMD scanner on your server and scan your whole server and remove all php shell script from your server and install ConfigServer Security Firewall along with Mod_Security.

  0

Please sign in to leave a comment.