

Got hacked today




Posted by SyntraClick, 08-29-2012, 04:57 AM
I got hacked today. The intruder logged in and deleted all of our data. Luckily I have backups (I think) and will try to get those up ASAP. What I'd like to know is what I can do to stop this in the future. The site was running vBulletin 4.2.2 with their latest security patch. Apache/WHM setup. Can anyone recommend an IDS - preferably free - and other ways to thwart this type of thing? Is there a way to make it so the only person who can log into an administrator account or FTP account has to come from a specific IP? Thank you.

Posted by Ash, 08-29-2012, 05:20 AM
There are so many potential variables here that nobody can post a foolproof solution. Ideally, you want a server management company to secure the box (and before you put the site up again). They can also help to limit access, permissions, etc., as you asked, but how depends totally on your setup.

Posted by SyntraClick, 08-29-2012, 06:08 AM
Thank you for the response. Could anyone recommend a good server management company that could do this for me (besides PSM)?

Posted by TravisT-[SSS], 08-29-2012, 06:48 AM
Steven@911 On a topic note, did you get any logs saved to maybe show how they got in?

Posted by racknap1, 08-29-2012, 11:15 AM
Hi, there are particular things which you need to be concerned with:

1. Remove port 2086 from your CSF (if installed).
2. Set attributes on the /etc/hosts.deny and /etc/hosts.allow files.
3. Check your last|more logs and check if you find any unfamiliar IP. Block if required.
4. Develop mod_security rules for your WHM (you can google it).
5. You need to run some scripts which find malicious scripts on the server.
6. Get ClamAV on the server, run clamscan daily in screen mode, and delete the infected files.

Hope you'll find this helpful. Besides, as Loon said, "There are so many potential variables here that nobody can post a foolproof solution."
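An added example, not part of the original post, for step 3 of the list above: the function reads `last -i` output and lists every source IP that is not on a known-good allowlist, with the login count and the accounts used. The function names, the allowlist and the sample log lines are constructed for illustration (addresses come from documentation ranges).

```shell
#!/usr/bin/env bash
# Flag logins in `last -i` output whose source IP is not on an allowlist.
# Assumed live usage: last -i | unfamiliar_logins "ip1 ip2 ..."

unfamiliar_logins() {
    # $1: space-separated allowlist of known admin IPs; stdin: `last -i` output
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # Skip reboot/shutdown pseudo-entries, the "wtmp begins" trailer, blank lines
        $1 == "reboot" || $1 == "shutdown" || $1 == "wtmp" || NF == 0 { next }
        # Column 3 is a remote source only if it is a dotted quad other than
        # 0.0.0.0 (console logins); allowlisted addresses are not reported
        $3 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ || $3 == "0.0.0.0" || ($3 in ok) { next }
        {
            count[$3]++
            if (!(($3, $1) in seen)) {          # record each account once per IP
                seen[$3, $1] = 1
                users[$3] = (users[$3] == "" ? $1 : users[$3] "," $1)
            }
        }
        # Output: <ip> <number of logins> <accounts used>
        END { for (ip in count) printf "%s %d %s\n", ip, count[ip], users[ip] }
    ' | LC_ALL=C sort
}

# Constructed sample in `last -i` layout (not real log data)
sample_last() {
    cat <<'EOF'
root     pts/0        198.51.100.10    Tue Aug 28 09:12 - 09:40  (00:28)
root     pts/1        203.0.113.77     Wed Aug 29 03:41 - 03:58  (00:17)
forum    pts/2        203.0.113.77     Wed Aug 29 03:44 - 03:50  (00:06)
root     tty1         0.0.0.0          Mon Aug 27 18:02 - 18:05  (00:03)
reboot   system boot  0.0.0.0          Mon Aug 27 18:00 - 04:57 (1+10:57)
forum    pts/0        192.0.2.15       Sun Aug 26 14:20 - 14:31  (00:11)

wtmp begins Sun Aug 26 14:20:01 2012
EOF
}

# Treat 198.51.100.10 as the only known admin address
sample_last | unfamiliar_logins "198.51.100.10"
```

`last` reads only /var/log/wtmp, which an intruder with root access can edit, so compare the result against the SSH, FTP and WHM access logs before relying on it.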

Posted by BestServerSupport, 08-29-2012, 11:54 AM
In addition to the suggestions from znetindia, I would like to add a few, like:

1. Check if you have outdated third-party scripts installed.
2. vBulletin plugins should also be updated.
3. Make it a practice to choose strong passwords for FTP, cPanel, WHM, etc.
4. Scan the local machine from which you do FTP with third-party anti-virus software. It may be possible that your local system is infected with some kind of keyloggers (which steal passwords) and trojans.
5. Install a firewall on your server. CSF is a very good option.


