I'm having a problem with a hacker... using insecure scripts on my users' accounts, he changes cPanel passwords. I do not understand how a script running as user nobody would change a cPanel password. Any ideas on that?
I am using mod_security (rules from gotroot.com), and register_globals is disabled. I also disabled the password reset feature, as I thought the hacker may be resetting the passwords and then reading the new password from the email account on the server using the insecure script.
Unfortunately this guy simply doesn't stop... he seems to have a reverse DNS list or something. He is only attacking accounts on one specific server of mine, but I am pretty sure he doesn't have root access.
I'm still trying to figure this one out. I got an email last night about 10:30pm that a weird IP had logged in with root. I thought it was a guy that helps with tech things, but I ran the IP... it came back from Korea and I knew I was in trouble. I immediately logged into WHM and changed the root password, then sent the server down for a reboot. He was only in there for about 3 minutes before I nailed him. I've banned the IP from the server and have been watching it for nearly 12 hours now, and they haven't come back yet.
Now comes the task of trying to figure out how he got the password. This is mind-boggling to me. He knew the password, like someone gave it to him... there were no incorrect guesses or brute force. The password was a series of random letters, both upper and lower case. Is it possible he got it through getting to /etc/passwd via a PHP script? I have open_basedir restrictions in place; can they get around that? I noticed at the time he logged in there were several IPs trying to exploit PHP scripts on my server, you know, setting the parameters to txt files, but I assumed with shell functions disabled (except exec) and with open_basedir this wouldn't be possible. Is there a hole in cPanel / PHP / kernel recently I may have missed?
I searched the forum articles but could not find specifically what I wanted... just learning with my dedicated server...
I want to change my cPanel password and FTP password but NOT change the MySQL server password. I tried to do it in WHM; it also changes the database to my website and causes it to go down. (So I changed it back.)
I tried to change it under: [URL to actual WHM removed] Password Modification in WHM, but it changed the database program as well.
Again, all I want to change is the cPanel access and main FTP pass.
(I'm doing this to keep old programmers out of my server.)
I am just a newbie with Linux and SSH. I know that we can control the server with SSH. SSH is faster and more secure than Web control. I need your help with SSH: How to change the email password? How to add an email address? How to disable/remove an email address? How to forward email? Please help me with one or more of the questions above. My server is installed with CentOS 4.4 with cPanel 10. Thank you so much in advance. Longpt
Is it possible to change the root password of a VPS from inside HyperVM? I currently have 4 VPSes set up and I need to change the password for one of the VPSes. Can I do this from inside HyperVM without having to go to SSH?
We have identified a number of customers with weak passwords - we wish to send them an email and then wait 1 hour - then change their passwords to the new password we have identified - due to them being across multiple domains, we don't want to do this via the PPA web GUI - it would take quite a long time.
What is/are the commands for changing mailbox password for SMTP/IMAP/POP3?
i.e., is there a PPA command for changing both sides of send/receive?