#1
  1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2003
    Posts
    94
    Rep Power
    0

    Question Protect site from server / cPanel penetrations / injections


    A hacker penetrated my cPanel and modified files and code on my site.

    I have a log report from hosting service provider. It goes like this: .....frontend/paper_lantern/filemanager/upload-ajax.html?file=megla.txt&fileop=&dir=%2Fhome%2Fmyaccount%2Fmydomain.com&dirop=&charset=&file_charset =&baseurl=&basedir=" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.59 Safari/537.36" "s" "-" 2083

    (I replaced only the account name and site name with generic ones)

    My cPanel password is very strong (100%), it's long and beside letters and numbers it contains special many characters; I've changed it a few times. It is not possible that one can hack it easily.

    It already happened 3 times and each time the system suspends my account automatically for a number of hours, before it's restored by the support staff.

    I suspect that the attack is done by a former developer who I know was a hacker and we didn't part on exactly friendly terms. He knows the structure of my site and I have a static IP which he also knows.

    If possible, I would like to know some details about how to protect my site from further similar hacking, penetrations, injections, etc.

    Thanks.
  2. #2
  3. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    May 2017
    Location
    Worldwide
    Posts
    48
    Rep Power
    45
    It would appear your problem is a poorly coded upload script. You cannot allow users to upload anything they want. Remove the upload script until you fix it properly.

IMN logo majestic logo threadwatch logo seochat tools logo