Hacked Server
My sites on the latest cPanel server being hacked from time-by-time. I had set and configured csf&lfd, also I had enabled today mod_userdir, disabled php functions:
But today few my sites were hacked again by exploit. I found that Apache 2 ITK MPM can be useful in such case. Can somebody tell me what I need to check?
apache_child_terminate,apache_setenv,define_syslog_variables,escapeshellarg,escapeshellcmd,eval,exec,fp,fput,ftp_connect,ftp_exec,ftp_get,ftp_login,ftp_nb_fput,ftp_put,ftp_raw,ftp_rawlist,highlight_file,ini_alter,ini_get_all,ini_restore,inject_code,mysql_pconnect,openlog,passthru,php_uname,phpAds_remoteInfo,phpAds_XmlRpc,phpAds_xmlrpcDecode,phpAds_xmlrpcEncode,popen,posix_getpwuid,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,posix_setuid,posix_uname,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,syslog,system,xmlrpc_entity_decode,phpinfo,show_source,symlink,dlBut today few my sites were hacked again by exploit. I found that Apache 2 ITK MPM can be useful in such case. Can somebody tell me what I need to check?
-
Hello :) You could start by using the "Security Advisor" option in Web Host Manager. This will complete a basic check of your server to ensure some of the more common vulnerabilities are addressed. However, you likely should consult with a qualified system administrator to help determine the source of the exploit if you are not comfortable doing this on your own. Thank you. 0 -
Recompile Apache to include sim link protection, but your best doing a fresh install if you have already been hacked. Change the server IP to. 0 -
[quote="cPanelMichael, post: 1706761">Hello :) You could start by using the "Security Advisor" option in Web Host Manager. This will complete a basic check of your server to ensure some of the more common vulnerabilities are addressed. However, you likely should consult with a qualified system administrator to help determine the source of the exploit if you are not comfortable doing this on your own. Thank you.
Hi Michael, I saw a lot of your posts here. Most of them was very helpful. But why your answer here so skimpy? :) As I said before, I had performed a lot and lot of actions to make my server more secure, I had installed a lot of extensions, I followed with Security Advisor suggestions etc. but my server is still unsecure. From I found, they used php shell script to perform penetration. I have one example of such script. Is there any way how can I check my server outside for holes? Maybe there is exist some free solutions?0 -
[quote="Mckenzielaa, post: 1709011">Recompile Apache to include sim link protection, but your best doing a fresh install if you have already been hacked. Change the server IP to.
Thanks. I did it already. But I guess, IP changing and server's reinstallation won't help me. I need to find hole and destroy it.0 -
Hello :) It's difficult to pinpoint the specific vulnerability or exploit used by an attacker to hack your websites. One could speculate on common methods (e.g. symlink attack), but it really requires a qualified system administrator to investigate the logs on your server and determine the source of the attack. There is a thread here where a similar question is asked: Log Files To Check After Account Hacked Thank you. 0 -
Hi :) This is what I found: [url=http://clamfs.sourceforge.net/]ClamFS: An anti-virus protected file system [url=http://doc.owncloud.org/server/6.0/admin_manual/apps/files_antivirus/index.html]File Antivirus Engine — ownCloud Administrators Manual 6.0 documentation I think real-time antivirus is very good solution. Hope something similar will be included on the next cPanel releases because it's very importation to destroy evil spirits before they will be uploaded to the server. 0 -
You are welcome to submit a feature request for anything you would like to see included with cPanel: Submit A Feature Request Thank you. 0
Please sign in to leave a comment.
Comments
7 comments