what is reason of hack?

  #1  
Junior Guru Wannabe
 
Join Date: Aug 2012
Posts: 93



Hi everybody,
I have a dedicated server with CentOS 5.8.
I use cPanel and host 275 sites on this server.

Last night 1 site on the server was hacked.
I want to understand the reason this site was hacked.
How can I check the logs for this site and find out how it was hacked?

Please help me.



  #2  
Junior Guru Wannabe
 
Join Date: Jan 2013
Location: Virginia Beach, Va
Posts: 52
Hey ertebat7,

Sorry to hear a site got compromised. Some good steps to follow would first be reviewing the FTP logs for the account. If the name of the cPanel account was (userna5) you'd use this command:

Code:
grep userna5 /var/log/messages
If you see any FTP uploads in there for the user, it could just be they had their FTP password compromised, in which case you should update their cPanel password which updates the FTP one as well.

It would also show you any files they uploaded, and then you can go inspect those paths to ensure the files are removed if they're still there.

Next you should review your Apache access log for that site. This can be tricky, but usually you'd look for 1 IP address that has more requests than any other with this command:

Code:
cat /home/userna5/access-logs/example.com | awk '{print $1}' | sort -n | uniq -c | sort -n | sed 's/[ ]*//'
That should spit out how many hits each IP address has. Let's say that 123.123.123.123 stood out with 5,000 requests. Then you'd want to see if they were hitting duplicate requests with this command:

Code:
grep '^123\.123\.123\.123 ' /home/userna5/access-logs/example.com | cut -d\" -f2 | awk '{print $1 " " $2}' | sort | uniq -c | sort -n | sed 's/[ ]*//'
If you notice that they have a bunch of duplicate requests to one particular PHP script such as (timthumb.php), then that could have been their entry point. A lot of times hackers will exploit PHP scripts to then in turn inject or hack your other files.

There are a few other things you can do as well, but it would be helpful to know what type of software the site is running to give you better help. Such as, is it running WordPress, Joomla, Drupal, or another CMS, or just custom written scripts?

- Jacob
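
The access-log triage from the post above, as an added example that is not part of the original post: it counts hits per client IP, then groups the busiest client's requests by method and script path. It goes slightly beyond the posted commands by matching the IP exactly on the first field and by dropping query strings, so repeated hits on one script with different parameters are counted together. The log lines, IP addresses and the function names are constructed for illustration; the log is assumed to be in Apache combined format.

```sh
#!/bin/sh
# Constructed sample log (documentation IP ranges), Apache combined format.
sample_log() {
cat <<'EOF'
203.0.113.5 - - [10/Feb/2013:02:10:58 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Feb/2013:02:11:01 +0000] "GET /wp-content/themes/x/timthumb.php?src=a.jpg HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Feb/2013:02:11:02 +0000] "GET /wp-content/themes/x/timthumb.php?src=b.jpg HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Feb/2013:02:11:03 +0000] "GET /wp-content/themes/x/timthumb.php?src=c.jpg HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Feb/2013:02:11:09 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.70 - - [10/Feb/2013:02:12:00 +0000] "GET /about.html HTTP/1.1" 200 900 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Feb/2013:02:12:30 +0000] "GET /about.html HTTP/1.1" 200 900 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Feb/2013:02:13:00 +0000] "GET /style.css HTTP/1.1" 200 300 "-" "Mozilla/5.0"
EOF
}

# hits_per_ip LOGFILE -> "<count> <ip>" lines, busiest client first.
hits_per_ip() {
  awk '{ n[$1]++ } END { for (ip in n) print n[ip], ip }' "$1" | sort -rn
}

# top_ip LOGFILE -> the single busiest client IP.
top_ip() {
  hits_per_ip "$1" | awk 'NR == 1 { print $2 }'
}

# requests_for_ip LOGFILE IP -> "<count> <METHOD> <path>" lines, most repeated first.
# The IP is compared as a string against field 1, so 198.51.100.7 does not
# also pick up 198.51.100.70 the way an unanchored grep pattern would.
requests_for_ip() {
  awk -v ip="$2" '
    $1 == ip {
      split($0, q, "\"")          # q[2] is the request line: METHOD URI PROTOCOL
      split(q[2], r, " ")
      sub(/\?.*/, "", r[2])       # drop the query string to group by script
      c[r[1] " " r[2]]++
    }
    END { for (k in c) print c[k], k }' "$1" | sort -rn
}

# Stand-alone run against the constructed sample.
log=$(mktemp)
sample_log > "$log"
ip=$(top_ip "$log")
echo "busiest client: $ip"
requests_for_ip "$log" "$ip"
rm -f "$log"
```

On a real server the log path would be the per-domain file under /home/userna5/access-logs/ mentioned in the post.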

  #3  
Web Hosting Master
 
Join Date: Aug 2012
Posts: 3,100
Have you installed any kind of third party scripts like WordPress, Joomla etc?

It may also be possible that some plugins have a vulnerability and breached the security of your website.

__________________
BestServerSupport | Outsourced Hosting Support and Server Management Service Provider
WHM/CPanel | HyperV Virtualization | Plesk | WebsitePanel | Windows VPS | OnAPP Cloud | Virtuzoo
Helpdesk Support | Cloud Administration | Dedicated Support | VPS Support


  #4  
cPanel is your friend
 
Join Date: Jul 2002
Location: World Wide Web
Posts: 1,600
Perform a full virus scan on the machines that had FTP access to this site. It may be a trojan - stolen FTP password.

__________________
Michael Vlastos
HostWired.com - Innovative Hosting Solutions since 2005 | cPanel, Softaculous
Personalized support | No site suspensions | No overloaded servers | Green Hosting
Multiple Backups | Average Response Time: 20 min | Toll Free: 1-855-ECO-HOST

  #5  
Disabled
 
Join Date: Nov 2011
Location: Nasik, MH,INDIA
Posts: 850
You need to check the FTP logs as JacobN has suggested. If it's due to FTP, change the password of your cPanel account and keep it a complicated one. Also check the IP connections currently on the server...

  #6  
Web Hosting Master
 
Join Date: Dec 2011
Location: Germany
Posts: 999
Follow the instructions JacobN gave you (good to see new users make useful posts). Furthermore, you should install maldet and set it to monitoring mode, install and configure mod_security using the ASL ruleset, and follow these suggestions.

__________________
r00t-Services.net | Anti DDoS, WAF, Security, Optimization, Troubleshooting.
In business since 2011 | Contact us: support[at]r00t-services.net
Affordable & Powerful DDoS Protection Service in Europe and the USA! (⌐■_■)--︻╦╤─ - - - DDoS

  #7  
Web Hosting Master
 
Join Date: Aug 2012
Posts: 3,100
Do not download software from unreliable sources, since it may download viruses/trojans/keyloggers onto your local system.


