

Hacked 3 times in 2 days




Posted by Justinfm, 02-07-2008, 05:57 PM
I'm pulling my hair out. I've been hacked three times within the last two days, and across two different companies. In both cases a hacker created email accounts (through cPanel?) and then sent out spam through the webmail system. I don't see on the log where they accessed the cPanel, so I'm thinking they may have done it on another day, or they may have done it using some remote script. Here's what the log looks like. I thought someone had got my master password, since it happened on two different hosts (I have a resellerzoom and a hostforweb). I changed all of my passwords, but it looks like I've been compromised again. The one on hostforweb was leburgess.com, which is one of my clients' sites. The one on resellerzoom that's suspended again today is eBeaverton.com. I haven't had a chance to look at the server log for eBeaverton yet as they haven't responded back. I really have a hard time with a company with a phone number for sales, but not for support. I understand it, but in emergencies like this it is less than comforting. I run ZoneAlarm security suite on my computer, so I was pretty sure I didn't have some kind of keylogger on my system. Also, I have a hardware firewall. That said, I'm open to the idea of it. Can anyone give me some ideas about how this may have happened, and what I need to do to protect myself better?

Posted by tix3, 02-07-2008, 07:27 PM
Are the mail accounts created (can you see them in cPanel) or is the hacker exploiting a form that you have on your site?

Posted by net, 02-07-2008, 07:36 PM
Things you can check:
1. Change the password of the email address where you receive your password credentials.
2. Change your cPanel password and the passwords of all email addresses for the said domain.
3. Update all the scripts you are using.
4. Secure the file and folder permissions on your site.
5. If you own the server, check for trojans, secure all software, etc...
6. Check for users without a password, with root permission, etc....
And yes, there are so many things to do :-) but those are some of the tips.
Net

Posted by Justinfm, 02-07-2008, 07:40 PM
I think they're actual accounts being created. On eBeaverton they had removed the accounts; on leburgess I found them still intact and I was able to go in through SquirrelMail and see the sent messages.

Posted by bitserve, 02-07-2008, 09:02 PM
You probably created an account for them, or they've found a vulnerability in your system. Either way, you might consider hiring a competent consultant to help you before you get hacked the fourth time or that will at least be monitoring for how the fourth hack occurs.

Posted by Justinfm, 02-08-2008, 07:48 PM
I was thinking about this; I wasn't sure of the prices involved or where to look. Any suggestions would be welcome.

Posted by csparks, 02-08-2008, 09:28 PM
I think it's probably on your formmails, but I'm not sure, as I could not exploit it to email myself. I am not versed in exploiting them, though, so I would not really know.

Posted by bitserve, 02-08-2008, 10:10 PM
http://www.webhostingtalk.com/wiki/C...ver_management You want an admin with some information security experience, especially incident response.

Posted by glace, 03-18-2008, 06:58 PM
Hi! I would like to let you know I am having the exact same problem!! Hackers gain access to my cPanel accounts and then they create email accounts and send Nigeria Connection emails!! Did you find out how they do it??

Posted by PremiumHost, 03-18-2008, 08:26 PM
There was a serious bug with webmail in cPanel last week or so. Make sure that you're running the latest stable release.


