Website hacked?
My server with whm was hacked!
Has anyone any idea how to solve without losing the Bills?
all sites of my server go to an account of the [removed]
When you type the server ip pops up the following information! See image:
.vB
Can somebody help me?
Thank you
-
You have to investigate this issue is your server root compromised or somebody hacked one account and placed hacked pages on all account by linking all accounts config file. You have to close the backdoor from where the hacker entered to server or you have to contact system administrator to investigate the issue. 0 -
The main problem is that all sites on the server addresses are translated to addresses from the "adf" to the address (a d f l y/v D i Y 2) and I can't find where it might be the error! I've seen and updated the dns ips I saw all server configs and rebuild all the places (the index had been changed) 0 -
Hello :) It's difficult to pinpoint the specific vulnerability or exploit used by an attacker to hack your websites. One could speculate on common methods (e.g. symlink attack), but it really requires a qualified system administrator to investigate the logs on your server and determine the source of the attack. There is a thread here where a similar question is asked: Log Files To Check After Account Hacked Thank you. 0 -
Hey guys. I'm currently experiencing the same problem. Some accounts on the server got hacked. Hacker added a page on the site to make it look legit. Then weird part is, a certain webscanner.com site emailed us about the hacked and wants us to go to their site to fix it. Sounds fishy. In any case, the easy fix I see is just remove the page the hacker added. I've also read the link that CPMichael added on top. Will try to check that if I can. But I guess I'm more interested on how to prevent these hacks on our server. Coz it looks like it hacked our server and just randomly targeted websites. It's not like it just hacked one site. Any input on this would be appreciated. Thanks! :) 0 -
You may want to consult with a qualified system administrator to investigate the logs on your server and determine the source of the attack. The link I provided, and the "Security Advisor" are useful methods of reviewing logs and securing your server, but it's not a replacement for an actual investigation by a qualified security specialist. Thank you. 0 -
Is there anything on the WHM interface where we can check the logs? Or does that have to be like an SSH access with Linux commands involved? 0 -
You will need to use SSH to view the logs from the command line. Thank you. 0 -
Is root access the highest? Because I tried to SSH on the server with root, but it won't allow me to run the commands. Access denied. 0 -
]Is root access the highest? Because I tried to SSH on the server with root, but it won't allow me to run the commands. Access denied.
Are you sure you attempted to review the log files with a command such as "grep" or "cat" and didn't simply enter the log file in the command line? Have you used the command-line environment in the past? Thank you.0
Please sign in to leave a comment.
Comments
9 comments