Results 1 to 17 of 17
  1. #1
    Join Date
    Aug 2009

    server hacked again - advise prevention

    This is third time my Plesk server got hacked. What actions should I take?

    Every time there are some scripts in /tmp which includes txt, pl, sh scripts.

    Hacker removes all the LOG folders on server and replace all the index files in www/vhosts

    When I run the rootkithunters there are no infections.

    Please advise.

  2. #2
    Join Date
    Jul 2009
    I say drop plesk get cpanel and install csf firewall and you should be good to go

  3. #3
    Join Date
    Jun 2003
    World Wide Web
    You should secure your /tmp partition . Also check your log files in order to find out and close the loop holes which hackers used.

    Confirm your server is using configured firewalls.

    Hope that with root access an admin can fix this issue permanently and secure your server - the name says it all!
    Managed Cloud Servers
    Server Management and Monitoring
    24x7 outsourced customer support

  4. #4
    Quote Originally Posted by HypedHosting View Post
    I say drop plesk get cpanel and install csf firewall and you should be good to go
    Cpanel is the way to go.

    Hacker replaced index for all sites ? Or just few ?

    Your computer may have some keylogger, so do OS reinstall or install Ubuntu on your desktop. Then OS reload server, this time use linux desktop to work with your server, so you can make sure hacker is not getting password from your desktop computer.

  5. #5
    yes, it would be better to change your control panel to cpanel.

  6. #6
    Join Date
    Mar 2003
    Quote Originally Posted by multimedia9 View Post
    yes, it would be better to change your control panel to cpanel.
    It is not about plesk.

    You need to check all your sites for vulnerable scripts, etc...

    Make sure first to secure your server.
    Specially 4 You
    JoneSolutions.Com ( Jones.Solutions ) is on the net 24/7 providing stable and reliable web hosting solutions and services since 2001

  7. #7
    Join Date
    Aug 2006
    Solution, to hire a sysadmin
    WebSitePanel / Hosting Controller / Smartermail / Installation / Configuration / Troubleshooting / Migrations
    Windows Server Management / Security / Hardening
    I speak English and Spanish

  8. #8
    Well its not with Plesk and changing control panel is no good idea, I agree with cpanel you get better options but the core thing is proper security and hardening to be performed. Cpanel servers also get compromised so you can stick with plesk as well. Clean your servers and find out any suspicious domain on the server.
    Server Management, Server Security, Server Monitoring.
    India's Leading Managed Service Provider !! Skype: techs24x7

  9. #9
    I think you should get the server restored and contact to any server administrator that can secure your box.
    Support Facility | 24/7 web hosting technical support services
    Technical support | Server management | Data migration

    Technical Articles

  10. #10
    Join Date
    Apr 2007
    Spend some $$ on a system admin to secure the box and go through it there must be something that your missing...
    - Buying up websites, side-projects and companies - PM Me! -

  11. #11
    Join Date
    May 2009
    Yes.. hire some sysadmin is better than changing the control panel. Also make sure that files on the accounts are in correct ownership and permission and also they are using updated softwares like blog, wordpress etc.

  12. #12
    Join Date
    Aug 2006
    Ashburn VA, San Diego CA
    +1 Hire a sysadmin such as It is cheap and well worth it in your case.
    Fast Serv Networks, LLC | AS29889 | Fully Managed Cloud, Streaming, Dedicated Servers, Colo by-the-U
    Since 2003 - Ashburn VA + San Diego CA Datacenters

  13. #13
    Join Date
    Nov 2002
    May i ask what the "hacker" did to the index files? I recently have had some users wiith the Grublar virus which steals the users FTP info then modifies index files w/ an IFRAME code..

    Easy solution for me was to:
    kill FTP
    restore files
    change passwords
    start FTP
    notify infected users

  14. #14
    If you have a good system security that should do the trick. But also, keep your FTP/cPanel safe. No-logins should be required to the CS. & Try not to give soo many people SF Logins also.

    Otherwise, like everyone said.
    Get Sysadmin.

  15. #15
    Join Date
    Sep 2002
    Top Secret
    Quote Originally Posted by jackpx View Post
    Solution, to hire a sysadmin

    If you don't know what you're doing hire an admin to keep an eye on your server for you.
    WHMCS Guru - WHMCS addons, management, support and more.
    WHMCS Notifications Extended - Add slack, hipchat, SMS, pushover to WHMCS !!
    Linux Problems? WHMCS Issues? +1-866-546-8914 (linux-14) or @whmcsguru on twitter!

  16. #16
    Join Date
    Sep 2004
    Chicago, IL
    you need to install mod_sec also or buy an application firewall - different then a normal one.
    Ben Lenard, MS, MBA
    TechMinds 4 Hire, Inc - (866) 214-1285 x 2001

  17. #17
    Join Date
    Jul 2007
    You may consider or Applicure's DotDefender for Apache.
    Prashant T.

    Don't run after Success. Run after Excellence and Success will soon follow.

Similar Threads

  1. prevention from server overload
    By DnaJinx in forum Hosting Security and Technology
    Replies: 10
    Last Post: 10-29-2008, 02:12 PM
  2. Replies: 3
    Last Post: 10-08-2007, 02:02 AM
  3. server hacked ... advise needed
    By xmlxp in forum Hosting Security and Technology
    Replies: 16
    Last Post: 10-31-2005, 07:02 PM
  4. Chargeback Prevention and Fraud Prevention with
    By fraudgate in forum Other Offers & Requests
    Replies: 6
    Last Post: 09-03-2004, 09:39 PM
  5. Shared Server Spam Prevention?
    By Zander in forum Dedicated Server
    Replies: 3
    Last Post: 07-18-2002, 04:37 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts