Comments on: cPanel Server – Hacked or Intact? http://www.ads-links.com/index.php/cpanel-server-hacked-or-intact.html The Insider Source for Media & Marketing Thu, 09 Sep 2010 18:29:40 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: remove adware http://www.ads-links.com/index.php/cpanel-server-hacked-or-intact.html#comment-3785 remove adware Tue, 15 Jul 2008 04:25:02 +0000 http://www.ads-links.com/?p=127#comment-3785 love this post love this post

]]> By: Gary http://www.ads-links.com/index.php/cpanel-server-hacked-or-intact.html#comment-3665 Gary Sat, 21 Jun 2008 15:17:13 +0000 http://www.ads-links.com/?p=127#comment-3665 Why trust cpanel to be good with firewalls? Use APF and BFD and stop being a GUI lazy person. Letting the attacker keep attacking is stupid and a waste of bandwidth. Plus it's perl? What a CPU waste. It's just looking through the logs like BFD does, and BFD runs faster. BFD blocks them at iptables. No way to whitelist the admin's IP. Documentation sucks. Why trust cpanel to be good with firewalls?
Use APF and BFD and stop being a GUI lazy person.
Letting the attacker keep attacking is stupid and a waste of bandwidth.
Plus it’s perl? What a CPU waste. It’s just looking through the logs like BFD does, and BFD runs faster.
BFD blocks them at iptables.
No way to whitelist the admin’s IP.
Documentation sucks.

]]> By: Ian Lee http://www.ads-links.com/index.php/cpanel-server-hacked-or-intact.html#comment-3616 Ian Lee Tue, 10 Jun 2008 18:38:59 +0000 http://www.ads-links.com/?p=127#comment-3616 Thanks for sharing the great info Kenneth. You are correct about Status always being 0 (see update above). It's great to hear others also seeing cPHulk only reporting failed logins even though it is under a "Logins" table. I just received a lengthy reply from a Technical Analyst Manager at cPanel. It seems that cPHulk is has a reporting glitch. An internal bug report has been submitted to the cPanel development team. Scroll up to see details. Thanks for sharing the great info Kenneth. You are correct about Status always being 0 (see update above). It’s great to hear others also seeing cPHulk only reporting failed logins even though it is under a “Logins” table.

I just received a lengthy reply from a Technical Analyst Manager at cPanel. It seems that cPHulk is has a reporting glitch. An internal bug report has been submitted to the cPanel development team. Scroll up to see details.

]]> By: Kenneth Power http://www.ads-links.com/index.php/cpanel-server-hacked-or-intact.html#comment-3615 Kenneth Power Tue, 10 Jun 2008 13:31:34 +0000 http://www.ads-links.com/?p=127#comment-3615 If you examine the code that populates the database table used to generate the report within WHM, you will find this block: if ($is_hit) { register_login( $self->{'dbh'}, 'user' => $user, 'ip' => $ip, 'service' => $service, 'status' => 0, 'logintime' => $logintime, ); } If you notice, the status field is always set to 0, hence at this time it has no meaning within the application. You can find this code on your cPanel server at: /usr/local/cpanel/Cpanel/Hulkd/Processor.pm It does appear only failed login attempts are logged, rather than both failed and successful. If you examine the code that populates the database table used to generate the report within WHM, you will find this block:

if ($is_hit) {
register_login(
$self->{‘dbh’},
‘user’ => $user,
‘ip’ => $ip,
’service’ => $service,
’status’ => 0,
‘logintime’ => $logintime,
);
}

If you notice, the status field is always set to 0, hence at this time it has no meaning within the application. You can find this code on your cPanel server at:

/usr/local/cpanel/Cpanel/Hulkd/Processor.pm

It does appear only failed login attempts are logged, rather than both failed and successful.

]]> By: Icmeler http://www.ads-links.com/index.php/cpanel-server-hacked-or-intact.html#comment-3612 Icmeler Tue, 10 Jun 2008 08:38:36 +0000 http://www.ads-links.com/?p=127#comment-3612 From my experiences CSF have what it takes in its firewall. Great use in cpanel and so far me and my client are satisfied with it. From my experiences CSF have what it takes in its firewall. Great use in cpanel and so far me and my client are satisfied with it.

]]> By: cover creator software http://www.ads-links.com/index.php/cpanel-server-hacked-or-intact.html#comment-3598 cover creator software Sun, 08 Jun 2008 05:58:41 +0000 http://www.ads-links.com/?p=127#comment-3598 Im using CSF and im glad i got no problems with it so far. Im using CSF and im glad i got no problems with it so far.

]]> By: Chris http://www.ads-links.com/index.php/cpanel-server-hacked-or-intact.html#comment-3594 Chris Sat, 07 Jun 2008 08:09:13 +0000 http://www.ads-links.com/?p=127#comment-3594 APF firewall is a good idea, too -- but don't count on actually being able to examine all of the attempted logins. Some hosts get thousands per day -- and this is a good reason to choose APF. Chris ZYON Cpanel Hosting http://www.zyon.com APF firewall is a good idea, too — but don’t count on actually being able to examine all of the attempted logins. Some hosts get thousands per day — and this is a good reason to choose APF.

Chris
ZYON Cpanel Hosting
http://www.zyon.com

]]> By: Ian Lee http://www.ads-links.com/index.php/cpanel-server-hacked-or-intact.html#comment-3582 Ian Lee Thu, 05 Jun 2008 16:38:54 +0000 http://www.ads-links.com/?p=127#comment-3582 Thanks for the tip Gary. CSF is definitely a great firewall. Unfortunately, there were some cPanel integration problems when we first installed it. For users running the <a href="http://www.rfxnetworks.com/apf.php" rel="nofollow">APF firewall</a>, they can install <a href="http://www.rfxnetworks.com/bfd.php" rel="nofollow">BFD</a> to add brute force protection at the firewall level. Thanks for the tip Gary. CSF is definitely a great firewall. Unfortunately, there were some cPanel integration problems when we first installed it.

For users running the APF firewall, they can install BFD to add brute force protection at the firewall level.

]]> By: Gary Jones :: BlueFur.com http://www.ads-links.com/index.php/cpanel-server-hacked-or-intact.html#comment-3581 Gary Jones :: BlueFur.com Thu, 05 Jun 2008 14:55:43 +0000 http://www.ads-links.com/?p=127#comment-3581 Instead of using cPHulk I would suggest using a better firewall that has Brute Force built in. Here is the best Firewall for cPanel: http://configserver.com/cp/csf.html Instead of using cPHulk I would suggest using a better firewall that has Brute Force built in.

Here is the best Firewall for cPanel:

http://configserver.com/cp/csf.html

]]>