I have recently had it drawn to my notice that my installation of Status2k was not only hacked but that the hackers created a script using MY SITE as a demo - the cheek of it. There is a security exploitation with Status2k that allows the hacker to run a script and generate a new admin username and password, then log into your Status2k. They can then see the security details you entered to perform the root functions. Mine have been published on many forums and have been there for the past 3 weeks INCLUDING my ROOT password for my server! Nightmare, well I have changed everything now and REMOVED Status2k altogether. Does anyone else know of a graphic display script for server resources other than Status2k? Has anyone else suffered from this? What can be done to prevent illegitimate access to scripts requiring root access details? Am a bit shaky now Lol
I would get an OS reload if I were you. Also, you should never put your root password in a script; there are WHM access keys if you're running cPanel, and they allow scripts like this to perform root actions without the root password.
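To show what "use a WHM access key instead of the root password" looks like in practice, here is an added example (not code from this thread, Status2k, or cPanel). The `Authorization: whm user:token` header format follows cPanel's WHM API documentation; the hostname, port 2087 default, and token file path are placeholders. The point is that the script never contains a password at all: the token lives in an owner-only file, the loader refuses a file that anyone else can read, and the script only ever sends the token in a request header.

```python
import os
import stat
import urllib.parse
import urllib.request

# Constructed placeholders: replace with the real WHM host.
WHM_HOST = "whm.example.invalid"
WHM_PORT = 2087  # WHM's default TLS port


def write_token_file(path, token, mode=0o600):
    """Store an API token in a file with the given permission bits.

    Used here so the example can create its own input; on a real server
    the token is pasted into the file once and never into any script."""
    with open(path, "w") as fh:
        fh.write(token + "\n")
    os.chmod(path, mode)
    return path


def load_token(path):
    """Read a WHM API token from a file that only its owner can access.

    Refuses group/world-accessible files, so a token that ends up in a
    web-readable directory is caught before it is ever sent anywhere."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(
            f"{path} is group/world accessible (mode {oct(mode)}); expected 0600"
        )
    with open(path) as fh:
        token = fh.read().strip()
    if not token:
        raise ValueError(f"{path} contains no token")
    return token


def whm_auth_header(user, token):
    # WHM accepts an API token in this header in place of a password.
    return {"Authorization": f"whm {user}:{token}"}


def build_request(function, user, token, host=WHM_HOST, port=WHM_PORT, **params):
    """Build a WHM API v1 request; the caller decides whether to send it."""
    query = urllib.parse.urlencode({"api.version": 1, **params})
    url = f"https://{host}:{port}/json-api/{function}?{query}"
    return urllib.request.Request(url, headers=whm_auth_header(user, token))


if __name__ == "__main__":
    # Token path comes from the environment, never from the script body.
    token_path = os.environ.get("WHM_TOKEN_FILE", "/root/.whm_token")
    req = build_request("version", "root", load_token(token_path))
    with urllib.request.urlopen(req, timeout=10) as resp:
        print(resp.read().decode())
```

If you later suspect the token leaked, you revoke that one token in WHM rather than changing the root password everywhere; a monitoring script that holds the root password offers no such containment.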
Do you really think I need a whole WHM/cPanel OS reload? The functionality of it all seems fine, security measures are in place, the SSH port has been changed and will only work with a PuTTY key. No accounts are live that could compromise the server, I have installed an IP blocker to work in conjunction with Bruteforce, and I have removed all compromising scripts, ensuring licenses for up-to-date versions of scripting are paid and installed! If I reload the OS then I will have to restore all cPanel backups and the 3rd party software on the OS like WHMPHP and WHMCS! Please tell me this isn't essential?
As a professional ex-webhost, I would strongly suggest you do that. You never know what might have been hidden.
No, that would only rebuild Apache and PHP, not the whole system. If the whole system has been compromised it could be used in many operations without you even knowing about it. I would suggest you call your datacenter and ask them to reload the OS (don't forget to take backups), and then contact a company to secure the server; someone like www.rack911.com (Steve) is well known, and if you google them you'll know how good this guy is.