Help on how to secure cpanel


I am currently using cpanel build 10.8.1-release 4 and currently have a
hacker who is somehow getting into my website and getting into one of my
html files. I have changed my password and checked that all my files have
the correct permissions, have not allowed any anonymous ftp, and have
checked all my scripts for holes. I also included a password directory which
might help. Is there anything else that I can check or do to get rid of
him/her? I tried looking around in the web/ftp stats to see if there is a
way to check if a person somehow uploaded a certain file, but it gives you
so many IP addresses that it is really hard to track it down.
Thanks for any help with this matter.

Re: Help on how to secure cpanel

Are you a webmaster only or are you root? I notice you mentioned ftp
which may indicate rootness. If you are root, your root login may have
been cracked and you're now owned. System reinstall would be the answer
to this worst case. I hope you're not running an old wide-open Linux
distro or you may have easily been cracked. If you are on a competent
ISP's machine, changing password should have fixed your problem.
I live in the past and am not familiar with this new fancy broadband
stuff though.
Others here will give you less drastic and surely more relevant advice.
However, there's at minimum a password crack for someone to alter an
HTML file in your webspace.



Re: Help on how to secure cpanel

There are about 100 ways this could be accomplished, probably more.
Some are old, some are new. It really comes down to two things.

Are you root?
If so, you have a daily chore to keep up with it.
Daily on our cPanel servers, we get about 100 - 200 attempts to compromise
the system, on each server.
They try to come in via shells, vulnerabilities in client upload scripts,
vulnerabilities in Forum scripts, and so on.
The list is huge. Sometimes, the worst problem is a client who is unaware of
what they're doing ;)

Tools for fighting it are a proper Firewall and Brute Force Detection,
ModSecurity, Linux stuff and simply keeping an eye on things, 24 hours a
day. Really. 24/7/365 and you can't take a break.

If you're just a cPanel user, you need to get on your Host's butt to find
out what they are doing about it.
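
On the original question of finding who uploaded a certain file among many IP addresses: the script below is an added example, not part of any post in this thread. It assumes the FTP server writes the standard xferlog format; the sample entries, paths, user name and addresses are constructed.

```python
from collections import defaultdict

# Constructed sample entries in xferlog format (not taken from the thread).
SAMPLE_XFERLOG = """\
Mon Jun  5 02:14:07 2006 1 198.51.100.23 4312 /home/example/public_html/index.html a _ i r example ftp 0 * c
Mon Jun  5 09:30:41 2006 2 192.0.2.10 88121 /home/example/public_html/logo.png b _ o r example ftp 0 * c
Tue Jun  6 03:02:55 2006 1 198.51.100.23 4390 /home/example/public_html/index.html a _ i r example ftp 0 * c
Tue Jun  6 11:45:12 2006 1 192.0.2.10 4312 /home/example/public_html/index.html a _ o r example ftp 0 * c
Wed Jun  7 10:00:00 2006 1 203.0.113.5 120 /home/example/public_html/notes.txt a _ i r example ftp 0 * i
"""

def parse_xferlog_line(line):
    """Return one xferlog entry as a dict, or None if the line is malformed."""
    parts = line.split()
    # 8 fixed tokens before the filename, 9 after it, at least 1 for the name.
    if len(parts) < 18 or not parts[7].isdigit():
        return None
    return {
        "time": " ".join(parts[0:5]),
        "host": parts[6],
        "size": int(parts[7]),
        # The filename may contain spaces, so slice it out from both ends.
        "path": " ".join(parts[8:-9]),
        "direction": parts[-7],  # i = upload, o = download, d = delete
        "user": parts[-5],
        "status": parts[-1],     # c = complete, i = incomplete
    }

def uploads_of(log_text, target):
    """Map each remote host to its uploads whose path ends with `target`."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_xferlog_line(line)
        if entry and entry["direction"] == "i" and entry["path"].endswith(target):
            hits[entry["host"]].append(
                (entry["time"], entry["user"], entry["size"], entry["status"]))
    return dict(hits)

if __name__ == "__main__":
    found = uploads_of(SAMPLE_XFERLOG, "public_html/index.html")
    for host, events in found.items():
        print(host, len(events), "upload(s)")
        for when, user, size, status in events:
            state = "complete" if status == "c" else "incomplete"
            print("   ", when, user, size, "bytes", state)
```

If the file changed but no FTP upload matches, the change came by another route, such as the upload or forum scripts mentioned in the last reply, and the web server access log is the next place to look.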
