How to fix a Hacked cPanel server
Resolving a Hacked cPanel server is quite different from fixing a compromised users account. If you’ve not used cPanel for that long it’s likely you’re assuming you can just change the root password. Update your software and the problem will be resolved. It won’t.
Over the years there have been many examples of compromised cPanel servers, for example. The old cPanel SYM Link problem which allowed users access to other parts of the server.
cPanel Compromised
Years ago cPanel technical support managed to get hacked themselves. A machine they used to access customer’s servers to resolve problems was infected with Malware. In turn, that machine then compromised what they say was hundreds of cPanel servers. We think it was thousands of cPanel servers. At one point cPanel technical support where reinstalling servers for license holders. In both cases. The only way to be sure that the server was secure. Was for a clean OS to be deployed to the server.
So, don’t use Maldet to scan your server if the root account has been compromised. Backup all of the cPanel accounts to an offsite location, format the server and reinstall the software then use RSYNC to move the accounts back to the server for restoration.
First2Host can help users who need to restore a cPanel server if you have a cPanel VPS Server from us. To take advantage of disaster recovery for free migrate your cPanel server to First2Host.
How was this article? – Hacked cPanel Server
More from cPanel
How To Install A Cloudflare Origin SSL Certificate In cPanel
Free SSL Certificates from places like cPanel or Let's Encrypt are great. When Let's Encrypt first introduces free SSL Certificates …
Create a SWAP partition on CentOS, RHEL and AlmaLinux without a reboot
SWAP is a memory type that Linux NVMe VPS Servers use to process requests. Memory will be held in SWAP …
Help fixing Error: last request failed: [AUTH] Authentication failed.
The Error: last request failed: [AUTH] Authentication failed error can be caused by a range of things. It could be …
1 Comment
[…] Root Compromise […]