Comments
Paste the file on pastebin, and what control panel or webserver are you using?
Any software? Wordpress, SMF, MyBB?
Hire a server management company to get your site/server secured.
Is this a VPS? What software are you running? Something is probably out of date and being exploited.
You should have stayed on top of updates... 99% the cause.
Wordpress?
If you just keep removing the compromised files without locating the source, it will keep happening.
My money is on a wordpress site.
That has a dodgy plugin.
I don't understand why people post such threads. If you think there are telepaths who'll remotely clean your VPS, you have failed. Hire a sysadmin and you should be fine.
Careful, I know what you are thinking about doing while you're sitting there, in that room. You will go blind.
I have a VPS with cPanel; the site in question is running Website Baker... junk, I know, but I will be updating to another CMS soon.
Anyone recommend good server management?
You will want someone who knows how to secure cPanel. Personally, I can live without it, but that's just me.
Using cPanel for private use is not a good decision. Use a free/open-source CP.
I use cPanel as I host a few sites and it is easier for other people to use.
Platinum Server Management is good and does the job for a cheap price.
Is there any code added into the site?
Go with Sucuri if you can't handle it alone.
An index.php file was uploaded with this in it:
content="0;URL=https://alero.websitewelcome.com/~update/account/validation/
Remove the code and chmod to 644
cPanel has a back door security issue that's compromised by cpanelkill. Secure your ftp ports 20 and 21. That ought to do.
Remove the code and chmod to 644
Sorry, I thought only code had been added into the index.
guess that happens too
Looks like the website is a PayPal phishing page. I will try getting the page removed.
again & again
cPanel as I host a few sites and easier for other people to use.
Too many answers, something like too late.
Check your personal comp first.
A server management company is most likely not going to secure your CMS. While it's possible that cPanel was compromised in some way, it's far more likely that the compromise does not extend beyond the single Unix account executing the vulnerable PHP processes, assuming suPHP.
@mustafaramadhan
It's been almost a year since you said that kloxo-mr will get jailkit and still nothing has happened... that is unserious... that feature, and the second thing is the same as with InterWorx => email throttling - yes, there is the chrisf mod, but there is http://www.qmailwiki.org/Throttle... jailkit and qmail recompiled with throttling can reassure people that kloxo-mr is again usable for more than a single site / single VPS panel....
@n1kko - first clean the site; you can use https://www.rfxn.com/projects/linux-malware-detect/
or some of the WordPress plugins, or download the site and scan it with a local antivirus, or both,
and remove all unused plugins and check if you have a vulnerable theme (especially the Revolution Slider one).
Secondly, if you buy a managed VPS, ask for it to be secured (or you are using an incompetent company).
If it's unmanaged with cPanel as an addition,
you should hire someone or do it yourself.
I recommend: recompile EasyApache with ModSecurity, suhosin, and mod_ruid2,
and in cPanel tweaks choose: Jail Apache Virtual Hosts using mod_ruid2 and cPanel® jailshell.
You can also install these rules https://waf.comodo.com/ and add the csf firewall; then you can follow the csd security advice.
That will cover basic securing and isolation of the user accounts.
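Added example, not part of the original thread and not a substitute for maldet: a small Python scan for the two things mentioned above, an uploaded file carrying a meta refresh to another host and file modes looser than 644. The function and parameter names (`scan_docroot`, `own_hosts`) are assumptions, and every file and host name in `demo` is constructed sample data.

```python
import os
import re
import stat
import tempfile
from urllib.parse import urlparse

# Matches the target of an HTML meta refresh, e.g. content="0;URL=https://host/path"
META_REFRESH = re.compile(rb'content\s*=\s*["\']?\s*\d+\s*;\s*url\s*=\s*([^"\'\s>]+)', re.I)

def scan_docroot(docroot, own_hosts):
    """Return sorted (relative_path, reason) findings for files under docroot."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, docroot)
            mode = os.lstat(path).st_mode
            if not stat.S_ISREG(mode):
                continue  # skip symlinks, sockets, etc.
            # Group/other write bits mean another account can rewrite the file.
            if mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append((rel, "writable by group/other (mode %o)" % stat.S_IMODE(mode)))
            with open(path, "rb") as fh:
                data = fh.read(1024 * 1024)  # a redirect stub sits near the top
            for match in META_REFRESH.finditer(data):
                host = urlparse(match.group(1).decode("latin-1")).hostname
                # Relative targets have no host; only off-site redirects are reported.
                if host and host.lower() not in own_hosts:
                    findings.append((rel, "meta refresh to off-site host " + host))
    return sorted(findings)

def demo():
    """Build a constructed docroot and scan it; all names below are sample data."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "index.php": b'<meta http-equiv="refresh" content="0;URL=https://phish.example.net/validation/">',
            "about.html": b'<meta http-equiv="refresh" content="5;URL=https://www.example.org/new">',
            "upload.php": b"<?php echo 'ok'; ?>",
        }
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
            os.chmod(os.path.join(root, name), 0o644)
        os.chmod(os.path.join(root, "upload.php"), 0o666)  # deliberately too loose
        return scan_docroot(root, own_hosts={"www.example.org"})

if __name__ == "__main__":
    for rel, reason in demo():
        print(rel, "->", reason)
```

A hit only shows where the redirect landed; the modification time and owner of the flagged file are what to match against the web server and FTP logs to find how it got there.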
I think there will be a shell in your site from where the hacker is entering your site and controlling everything. Plus, update the server; your server might be rooted.
Just installing chkrootkit & rkhunter
I already had csf firewall which is all configured
I'm sure you're not rooted. Rooting a server to replace only one site's content repeatedly would just be a cruel joke
What about contacting cpanel? Those guys will help you on this for sure!