hackers

**sdjl** · 10-12-2004, 04:45 PM

It may be worth contacting support regarding this.

**halyfax** · 10-13-2004, 05:38 AM

I did contact support regarding this matter and Andrew responded that he could not find anything out of the ordinary.

I have since changed all my passwords hoping this may be of some help although I am not sure it will be of any help to me at this point.

Is there anything I should be checking in permissions or something any advice would be great. Seeing as it was in multiple accounts all on my account I find this strange.

**sdjl** · 10-13-2004, 07:32 AM

If they're not running the same software, then no, not really.
Just advise your customers to be more wary of online security and to check their computers for spyware/viruses/etc.

David

**Pedja** · 10-14-2004, 03:19 AM

Hmmm. Dathon support could at least check what IP's from those alterations to your site were done. It could lead you to somewhere.

If one has your whm account password he can access any cpanel account.

**halyfax** · 10-14-2004, 10:01 AM

I actually provided the isp # from the hacker to support. But they didn't respond to it. I accessed the isp # from within the cpanel accounts with the last login isp. I checked all the hacked accounts and the isp # was the same.

200.90.221.166.

**AndrewT** · 10-14-2004, 10:58 AM

Originally posted by halyfax

I actually provided the isp # from the hacker to support. But they didn't respond to it. I accessed the isp # from within the cpanel accounts with the last login isp. I checked all the hacked accounts and the isp # was the same.

200.90.221.166.

I must not have told you this, but I did look into the Apache access logs from that IP and there was nothing abnormal from that IP. Those are the only logs that would even record some relevant information with the IP.

**globalstorm** · 10-14-2004, 03:25 PM

one Site hacked

I had one site hacked (on CPanel08). Index.html was changed. They used a script from CMS Mambo 4.51.

Cheers
Kirby

**halyfax** · 10-14-2004, 03:57 PM

It is strange that that ip had nothing strange because it was recorded as the last cpanel login on different accounts from different customers of mine all using different isp's, so I knew it wasn't them logging in with that ip.

I just hope it doesn't happen again. I figure they somehow got into whm or something, how else could they enter multiple accounts and also change the contact email in some of those cpanel accounts. thanks for everyone's input. If anyone else has had this happen please share if you discovered what they were using.

cheers

**Jonathan** · 10-14-2004, 04:01 PM

You can always make a nice PHP script to phrase
whatever you enter, through md5().

Do this maybe five times (different words), each time
cutting a small chunk from it. ~ then combine that, run it through.
Then cut two parts of that out, combie to form your password.

**halyfax** · 10-14-2004, 04:38 PM

isn't mambo 4.5.1 the most recent version? have they had a security update? Scarry as this is a script available in the cpanel scripts library

after checking the cpanel library has an outdated version of mambo. there is a new security update on their site.

**Jonathan** · 10-14-2004, 07:15 PM

Originally posted by halyfax

isn't mambo 4.5.1 the most recent version? have they had a security update? Scarry as this is a script available in the cpanel scripts library

after checking the cpanel library has an outdated version of mambo. there is a new security update on their site.

cPanel's version is always a handful behind...
Nothing Dathorn can do about it.

hackers

hackers

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment