TSO Host Cpanel logging

Started by ANDRYUb, Jun 17, 2022, 07:43 AM

ANDRYUb (Topic starter)

Hi,

TSO Host hosts a number of WordPress and HTML sites for me on a shared server.

They recently migrated me to a new server platform with cPanel access.

It was hacked for the second time recently. Last time, someone gained access to the cPanel, set up email addresses and tried to send 1000s of emails; websites have been hacked also.

I have asked if logs exist for me to monitor who is logging into what. They have told me that the only log that exists is the .lastlogin file, which records just the last week's worth of cPanel logins; other services such as FTP, SMTP etc. are not logged. Is that correct?

It appears malware files are spread through all my sites, including the mail server folder, which is a concern, as they continue to be used on a daily basis.

Any thoughts appreciated. Is logging that limited on a host's webserver? I would have thought not.

Thanks
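
For the `.lastlogin` file mentioned above, this added example (not part of the original post, and not TSO Host or cPanel code) parses the file and groups cPanel logins that came from addresses outside the networks you normally use. The line format `IP # timestamp offset`, the sample data and the function names are assumptions.

```python
import ipaddress
from datetime import datetime

# Constructed sample; real input would be the text of ~/.lastlogin.
# Assumed line format: "<ip> # <YYYY-MM-DD HH:MM:SS> <utc offset>"
SAMPLE = """\
203.0.113.10 # 2022-06-10 08:15:02 +0100
203.0.113.10 # 2022-06-11 09:01:44 +0100
198.51.100.77 # 2022-06-12 03:22:10 +0100
not a login line
198.51.100.77 # 2022-06-12 03:40:55 +0100
2001:db8::5 # 2022-06-13 18:30:00 +0100
"""

def parse_lastlogin(text):
    """Return (entries, malformed); entries are (ip_address, datetime) pairs."""
    entries, malformed = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        ip_part, sep, ts_part = line.partition("#")
        try:
            if not sep:
                raise ValueError("missing '#' separator")
            ip = ipaddress.ip_address(ip_part.strip())
            when = datetime.strptime(ts_part.strip(), "%Y-%m-%d %H:%M:%S %z")
        except ValueError:
            malformed.append(line)  # keep unparsed lines for manual review
            continue
        entries.append((ip, when))
    return entries, malformed

def unfamiliar_logins(entries, known_networks):
    """Map each source IP outside known_networks to (count, first, last)."""
    nets = [ipaddress.ip_network(n) for n in known_networks]
    summary = {}
    for ip, when in entries:
        if any(ip in net for net in nets):
            continue  # login came from a network the account owner uses
        count, first, last = summary.get(str(ip), (0, when, when))
        summary[str(ip)] = (count + 1, min(first, when), max(last, when))
    return summary

if __name__ == "__main__":
    entries, malformed = parse_lastlogin(SAMPLE)
    for ip, (count, first, last) in unfamiliar_logins(entries, ["203.0.113.0/24"]).items():
        print(f"{ip}: {count} login(s), first {first}, last {last}")
    print(f"{len(malformed)} line(s) could not be parsed")
```

Because the file reportedly holds only about a week of logins, copying it off the server on a schedule is what makes a longer history possible.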

sergiocharm

It is not that limited on a cPanel server, even by default. Access logs are available for all cPanel services, FTP, email, etc.

That said, cPanel access isn't necessarily required for an attacker to set up an email account. If you've changed all of your passwords previously and this is reoccurring then that is a good sign that a script has been compromised on the account or that malicious code remains somewhere, allowing continued access. Your host should be able to help with identifying this.

Yura

I can give you some tips on preventing such problems in the future. Always use only strong passwords, always update plugins and WordPress itself. It is also possible to use Better WP Security.
Another tip is not to store your password on your computer in the form of files, I mean text files. Try to keep them in your head, i.e. remember them. Check all computers from which you log into the Administration area system for viruses and/or Trojans/keyloggers.
Now the best thing for you is to disable (and delete) all plugins and reinstall WordPress. To be safe, make a backup copy of all your files.

Nicpoint45

Very strong passwords reduce the likelihood that hackers will guess your cPanel login.
You can create strong passwords using at least eight characters consisting of uppercase and lowercase letters, valid special characters and numbers, and avoiding well-known words and important dates.
When installing cPanel, EasyApache 4 is also installed. Given that the Apache software is open source, it is recommended to check the Apache settings. One way to do this is to prevent users from overriding your security features through the directory .htaccess. Although this is the default setting since Apache 2.3.9, you can also use modules to further enhance Apache/cPanel security.

Performing the duties of the site's control panel, cPanel interacts with many other programs. Firewalls help reduce the likelihood of hacking through third-party connections.
But caution is recommended when working with firewalls:
- Make sure you can always log in to your server again.
- Familiarize yourself with the ports used by cPanel to prevent them from being inadvertently removed or disabled.