I have a cpanel server, and 2 days back received an email saying someone logged into WHM using root password. I tried sshing into the server, and sure enough, the password had been changed. So, I changed my root password to a new one. Checked all the WHM logs, the hacker had injected some SEO link in some websites. Reversed all those changes and went to bed.
Next day, again I received an email saying someone had logged into WHM using root, and again he changed my root password.
I performed virus scan on the server, nothing found. Performed virus scan/rootkit etc scan on my laptop. Nothing found. I always log into WHM using HTTPS/SSL.
Has this occurred to anyone in here? I can't imagine reformatting the server or my laptop.
http://lowendtalk.com/discussions/feed.rss
0 comments:
Post a Comment