Windranger

Reputation: 131

Protect site from server / cPanel penetrations / injections

A hacker penetrated my cPanel and modified files and code on my site.

I have a log report from hosting service provider. It goes like this:

.....frontend/paper_lantern/filemanager/upload-ajax.html?file=megla.txt&fileop=&dir=%2Fhome%2Fmyaccount%2Fmydomain.com&dirop=&charset=&file_charset=&baseurl=&basedir=" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.59 Safari/537.36" "s" "-" 2083

(I replaced only the account name and site name with generic ones)

My cPanel password is very strong (100%); it's long and, besides letters and numbers, it contains many special characters. I've changed it a few times. It is not possible that one can hack it easily.

It already happened 3 times and each time the system suspends my account automatically for a number of hours, before it's restored by the support staff.

I suspect that the attack is done by a former developer who I know was a hacker and we didn't part on exactly friendly terms. He knows the structure of my site and I have a static IP which he also knows.

If possible, I would like to know some details about how to protect my site from further similar hacking, penetrations, injections, etc.

Thanks.

Upvotes: 0

Views: 702
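The log line quoted in the question is a cPanel (cpsrvd, port 2083) access-log entry for the File Manager upload endpoint. As an added example that is not part of the question or of cPanel itself, the script below parses lines of that shape, pulls the `file` and `dir` parameters out of the query string, and flags every File Manager write that did not come from an allow-listed IP such as the owner's static address. The sample lines, the IP addresses and the log-line layout are constructed for the example; only the `upload-ajax.html` endpoint and its query parameters are taken from the page.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines in the shape implied by the question's log excerpt:
# client IP, account, timestamp, request line, status, bytes, referer, user agent,
# then the "s" "-" 2083 trailer. Not real data; 198.51.100.7 stands in for the
# site owner's static IP and 203.0.113.10 for an unknown client (both assumptions).
SAMPLE_LOG = """\
203.0.113.10 - myaccount [12/Aug/2018:03:14:07 +0000] "GET /frontend/paper_lantern/filemanager/upload-ajax.html?file=megla.txt&fileop=&dir=%2Fhome%2Fmyaccount%2Fmydomain.com&dirop=&charset=&file_charset=&baseurl=&basedir= HTTP/1.1" 200 312 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.59 Safari/537.36" "s" "-" 2083
198.51.100.7 - myaccount [12/Aug/2018:09:02:11 +0000] "GET /frontend/paper_lantern/index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0" "s" "-" 2083
203.0.113.10 - myaccount [12/Aug/2018:03:15:40 +0000] "GET /frontend/paper_lantern/filemanager/upload-ajax.html?file=x.php&dir=%2Fhome%2Fmyaccount%2Fpublic_html HTTP/1.1" 200 88 "-" "Mozilla/5.0" "s" "-" 2083
198.51.100.7 - myaccount [13/Aug/2018:10:00:00 +0000] "GET /frontend/paper_lantern/filemanager/upload-ajax.html?file=notes.txt&dir=%2Fhome%2Fmyaccount HTTP/1.1" 200 90 "-" "Mozilla/5.0" "s" "-" 2083
"""

# Matches the fields up to the HTTP status; the user agent and trailer are ignored.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

# Endpoint taken from the question's log line. Other File Manager endpoints that
# write files could be appended here (assumption: names would need checking).
WRITE_ENDPOINTS = ("/filemanager/upload-ajax.html",)


def parse_line(line):
    """Return a dict of fields for one access-log line, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    # parse_qs percent-decodes values, so %2F in dir= becomes "/"
    qs = parse_qs(parts.query, keep_blank_values=True)
    rec["file"] = qs.get("file", [""])[0]
    rec["dir"] = qs.get("dir", [""])[0]
    return rec


def find_file_writes(log_text, trusted_ips=frozenset()):
    """Return records for File Manager write requests made from IPs outside trusted_ips."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not rec["path"].endswith(WRITE_ENDPOINTS):
            continue
        if rec["ip"] in trusted_ips:
            continue
        hits.append(rec)
    return hits


def summarize(hits):
    """Count flagged writes per source IP, most active first."""
    return Counter(h["ip"] for h in hits).most_common()


if __name__ == "__main__":
    hits = find_file_writes(SAMPLE_LOG, trusted_ips={"198.51.100.7"})
    for h in hits:
        print(f'{h["ts"]} {h["ip"]} user={h["user"]} wrote {h["dir"]}/{h["file"]} (HTTP {h["status"]})')
    print(summarize(hits))
```

Run it against the real access log with the owner's actual static IP in `trusted_ips`; any File Manager write from another address is worth correlating with the cPanel login log for the same session, since a successful write through the panel means the panel session itself was authenticated.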

Answers (1)

Bill Karwin

Reputation: 562631

First of all, if your site is being hacked repeatedly and you don't know exactly how, you have a responsibility to shut down all access immediately, until you can figure out how the attack is being made. Especially if your site holds any sensitive data like personal data about your users, or credit card numbers. Get help from your hosting company for this.

People on StackOverflow naturally don't know your site or your code, so I'm not sure how we can deduce from that sample log report how the hacker penetrated your site. There's no reason to think they even penetrated using a web request. The log you show doesn't appear to contain any suspicious values that could affect an SQL query, so I doubt this is an example of SQL injection.

For example, if your server has a static IP address, and the attacker previously had access, they could have left an ssh key on the server, giving them easy access. Or they could have access via FTP, so they can upload code to run on your host.

There are too many potential ways an attacker can gain access to answer here on StackOverflow. It's all guesswork anyway. I recommend that you hire a reputable security expert to audit your site thoroughly.

And it should go without saying that it's a bad idea to hire untrustworthy hackers to work on your site! Ask for references when you hire the next one.

Upvotes: 2
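The answer raises the possibility of an SSH key left behind by someone who previously had access. As an added example, not code from the answer's author, the script below parses `authorized_keys` content, computes the `SHA256:` fingerprint that `ssh-keygen -lf` prints for each key, and reports any entry whose fingerprint is not on a list of keys the owner recognises, as well as entries carrying options such as a forced `command=`. The key blobs and comments are constructed placeholders (the blobs are base64 of labelled byte strings, not real keys), and the "known" set is assumed to come from the owner's own records.

```python
import base64
import hashlib
import re
from dataclasses import dataclass

# Constructed key blobs: base64 of labelled bytes, not real public keys.
OWNER_BLOB = base64.b64encode(b"constructed-owner-key-bytes").decode()
UNKNOWN_BLOB = base64.b64encode(b"constructed-unknown-key-bytes").decode()
FORCED_BLOB = base64.b64encode(b"constructed-forced-command-key").decode()

# Constructed authorized_keys content: one key the owner recognises, one left
# behind by a former contractor, one with a forced command (all assumptions).
SAMPLE_AUTHORIZED_KEYS = f"""\
# owner's laptop
ssh-ed25519 {OWNER_BLOB} owner@laptop

ssh-rsa {UNKNOWN_BLOB} contractor@old-box
command="/bin/sh",no-pty ssh-ed25519 {FORCED_BLOB} anon
"""

# Locates the key type; anything before it on the line is the options field.
# (An option value that itself contains a key-type string would confuse this.)
KEY_RE = re.compile(
    r"(?:^|\s)(?P<type>ssh-(?:rsa|ed25519|dss)|ecdsa-sha2-nistp(?:256|384|521))"
    r"\s+(?P<blob>[A-Za-z0-9+/=]+)(?:\s+(?P<comment>.*))?$"
)


@dataclass
class KeyEntry:
    lineno: int
    key_type: str
    fingerprint: str
    comment: str
    options: str


def fingerprint(blob):
    """SHA256 fingerprint in the same form ssh-keygen -lf prints (unpadded base64)."""
    raw = base64.b64decode(blob, validate=True)
    digest = hashlib.sha256(raw).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_authorized_keys(text):
    """Return a KeyEntry for every key line; comments and blank lines are skipped."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        m = KEY_RE.search(stripped)
        if not m:
            continue
        entries.append(KeyEntry(
            lineno=lineno,
            key_type=m.group("type"),
            fingerprint=fingerprint(m.group("blob")),
            comment=m.group("comment") or "",
            options=stripped[:m.start()].strip(),
        ))
    return entries


def audit(text, known_fingerprints):
    """Return (entry, reasons) for each key that is unknown or carries options."""
    flagged = []
    for entry in parse_authorized_keys(text):
        reasons = []
        if entry.fingerprint not in known_fingerprints:
            reasons.append("unknown fingerprint")
        if "command=" in entry.options:
            reasons.append("forced command")
        elif entry.options:
            reasons.append("has options")
        if reasons:
            flagged.append((entry, reasons))
    return flagged


if __name__ == "__main__":
    known = {fingerprint(OWNER_BLOB)}   # would come from the owner's records
    for entry, reasons in audit(SAMPLE_AUTHORIZED_KEYS, known):
        print(f"line {entry.lineno}: {entry.key_type} {entry.fingerprint} "
              f"'{entry.comment}' -> {', '.join(reasons)}")
```

On a real host, feed it the contents of every `authorized_keys` file under `/home/*/.ssh/` and `/root/.ssh/`, and compare the fingerprints it prints with the ones `ssh-keygen -lf` gives for the keys you actually issued; an entry you cannot account for is exactly the kind of leftover access the answer describes, and FTP accounts deserve the same review.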
