Question about "fast" hack
Hi,
I have a question as to where I can start my error searching.
I just installed cPanel on a fresh VPS server; within one hour the server was set up and cPanel installed. I also changed the default port of SSH etc. and used a password with a rating of 100 (something like: "5,45Tu"+1). Thus I find it hard to see how anyone can log in to my account. But within 12 hours the root account was compromised with a root login.
I have several VPS servers without this problem, so I was surprised.
My question: Is it possible that my VPS host is compromised, or am I seeing ghosts?
The server was default CentOS with default cPanel install and valid SSL certificate. SSH port changed from 22 to 2345.
But since I got an E-mail the main login was through controlpanel web. After that I could see that they had been logged in with SSH as well.
> But within 12 hours the root account was compromised with a root login.
Hello :) Could you elaborate on how you know it was compromised? Are you sure the username wasn't simply locked by cPHulk due to a brute force attempt? Thank you.
Hi there, I have been through the same problem myself; it's maybe because of your server's cPHulk configuration. You can check with another PC which has a different IP to see if WHM allows you to log in or not. If you can't log in then ask your VPS provider to reset your VPS root password, and after that don't forget to recompile Apache without MPM-ITK. I don't know what it does but my issue is fixed after I compiled Apache without MPM-ITK. Cheers, Shahriar
> and after that don't forget to recompile Apache without MPM-ITK,
This should have no effect on the cPHulkd configuration. It's possible that it's simply a coincidence that logins started working after EasyApache. Thank you.