Compromised accounts questions

tejli

• October 07, 2016 05:10

Hello. The hacker first changes the email address then the password and upload files. He hacked about 20 accounts on my server. Accounts are not owned only by one reseller. Can someone tell me what to do? AM running cSF and also dsiabled the functions on php.ini but seems he is able still to load a shell.

• 

  SysSachin

  • October 07, 2016 13:50

  Hi, Do you have root access ? If yes then changed the cPanel password first. Also checked the hacked file uploaded logs so that you will get the Idea for which method is used for upload the file as well as you can scan the account on the server with maldet and clamAV .Also install mod_security on the server.

  0
• 

  cPanelMichael

  • October 11, 2016 21:20

  Hello, The following thread should help: What log files to check after an account gets hacked/defaced? Also, this document is helpful to help secure your server against future attacks: Tips to Make Your Server More Secure - cPanel Knowledge Base - cPanel Documentation Thank you.

  0

Please sign in to leave a comment.