cPanel hacked
-
Hey there! I'm sorry to hear about this issue with the system. Could this have happened with the AnonymousFox attack method?
Their tools allow someone to quickly set up mass mailers on a system, so that seems like the most likely explanation, without knowing anything else about the machine.
If you don't believe that was the attack vector it may be best to submit a ticket so the system can be examined.
0 -
I’ll check that out. Possibly!
We’ve also established from the logs that they targeted a specific subdomain with a WordPress website.
There are logs of a malicious file test123Cp and a shell-based script.
There are also multiple IP addresses in lastlogin. This all potentially suggests access was gained through a WordPress plugin or theme, but that is not confirmed.
0 -
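The kind of log check described in the post above can be scripted. The following is an added example, not code from the thread or from cPanel: it parses web-server access logs in a vhost-prefixed "combined" format (an assumption; adjust the regex if your host logs differently), restricts attention to the one subdomain, lists the distinct client IPs that hit it, and flags any request for an executable file under wp-content/uploads, which should only ever hold media. The log lines are constructed for the example; the file name test123Cp.php borrows the name from the thread with an assumed .php extension.

```python
import re
from collections import Counter

# Constructed sample lines (not real logs) in Apache "vhost_combined"-style format:
# vhost ip ident user [timestamp] "METHOD path proto" status bytes "referer" "agent"
SAMPLE_LOG = """\
blog.example.com 203.0.113.10 - - [12/Mar/2024:10:01:02 +0000] "GET /wp-login.php HTTP/1.1" 200 1342 "-" "Mozilla/5.0"
blog.example.com 203.0.113.10 - - [12/Mar/2024:10:01:09 +0000] "POST /wp-admin/admin-ajax.php?action=upload HTTP/1.1" 200 88 "-" "Mozilla/5.0"
blog.example.com 198.51.100.7 - - [12/Mar/2024:10:02:30 +0000] "GET /wp-content/uploads/2024/03/test123Cp.php HTTP/1.1" 200 512 "-" "curl/8.0"
blog.example.com 198.51.100.7 - - [12/Mar/2024:10:02:35 +0000] "POST /wp-content/uploads/2024/03/test123Cp.php HTTP/1.1" 200 2048 "-" "curl/8.0"
www.example.com 192.0.2.44 - - [12/Mar/2024:10:05:00 +0000] "GET /index.php HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
blog.example.com 192.0.2.44 - - [12/Mar/2024:10:06:00 +0000] "GET /wp-content/themes/twentytwenty/style.css HTTP/1.1" 200 3000 "-" "Mozilla/5.0"
"""

# Field layout assumed above; the query string is kept as part of the path.
LOG_RE = re.compile(
    r'^(?P<vhost>\S+) (?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# A server-side script being requested from the uploads directory is a strong
# indicator that a file dropped through a plugin/theme upload is being executed.
UPLOAD_EXEC_RE = re.compile(r'^/wp-content/uploads/.*\.(php|phtml|php\d)(\?|$)', re.I)


def parse(log_text):
    """Return one dict per line that matches the assumed log format; skip the rest."""
    entries = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            entries.append(m.groupdict())
    return entries


def ips_for_vhost(entries, vhost):
    """Count requests per client IP for the one subdomain under investigation."""
    return Counter(e["ip"] for e in entries if e["vhost"] == vhost)


def suspicious_requests(entries, vhost):
    """Requests on the subdomain that execute a script from the uploads directory."""
    return [e for e in entries
            if e["vhost"] == vhost and UPLOAD_EXEC_RE.match(e["path"])]


def summarize(entries, vhost):
    """Compact triage summary: who talked to the site, and when the shell was first hit."""
    sus = suspicious_requests(entries, vhost)
    return {
        "distinct_ips": sorted(ips_for_vhost(entries, vhost)),
        "suspicious_count": len(sus),
        "suspicious_ips": sorted({e["ip"] for e in sus}),
        "first_suspicious_ts": sus[0]["ts"] if sus else None,
    }


if __name__ == "__main__":
    entries = parse(SAMPLE_LOG)
    for k, v in summarize(entries, "blog.example.com").items():
        print(f"{k}: {v}")
```

Correlating the IPs reported here with the entries in cPanel's lastlogin is the natural next step: an address that hit the dropped file and then logged into the control panel points at the plugin or theme as the entry point, which is what the post above suspects but could not confirm.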
Just to confirm, the reset password function is turned off and the contact email wasn’t changed.
0 -
It sounds like there may have been another WordPress exploit on the account besides AnonymousFox, or a user had malware of some sort that grabbed the password. Ultimately we never know how the initial intrusion happened.
0 -
Yes it’s strange. The only user is me and the Mac has no malware.
The only explanation is that they accessed cPanel using files uploaded through a plugin vulnerability.
I’m told that’s not possible, but it seems it just happened. I’m just hoping that when one cPanel account is compromised they had no access to anything else on the server.
I’ve done all I can for now.
0 -
That's correct - if one account is compromised there wouldn't be a way for that user to access anything else on the server. If it were a root compromise of some sort I'm guessing you'd see other, more obvious signs of the intrusion.
0