cpanel hacked ??

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts
  • kyle04
    Private

    • Aug 2006
    • 3

    cpanel hacked ??

    I operate a website that uses an offline credit card payment facility, hosted by Vodahost, with the site operating via Soholaunch software.
    A key module in my shopping cart programme has been repeatedly hacked with an email sub programme - despite changing my cPanel password several times. The hacker could only have done this by gaining access to my FTP (I have Bluevoda and cPanel - same UN and PW).
    I have scanned my PC for malware - all clean.
    How is my passward being hacked on such a regular basis. I select my passwords with random letters, numbers and other non-alphanumeric characters.
    Is sql injection at play here ?
    Would appreciate comments from an official source as I am beginning to doubt the security of Vodahosts FTP system.
    Regards
    AndyP
  • Karen Mac
    General

    • Apr 2006
    • 8332

    #2
    Re: cpanel hacked ??

    SQL Injection has been going on all over.. first.. disable all email a friend, etc etc in soho. Change the password, then take it out of soho and only put it in the ftp area when you need to update.

    Put in a support ticket.

    Karen

    VodaHost

    Your Website People!
    1-302-283-3777 North America / International
    02036089024 / United Kingdom
    291916438 / Australia

    ------------------------

    Top 3 Best Sellers

    Web Hosting - Unlimited disk space & bandwidth.

    Reseller Hosting - Start your own web hosting business.

    Search Engine & Directory Submission - 300 directories + (Google,Yahoo,Bing)


    Comment

    • kyle04
      Private

      • Aug 2006
      • 3

      #3
      Re: cpanel hacked ??

      Thank you for the reply Karen.
      1) My FTP password is not stored in the soho admin programme (an old one was logged there but since deleted.)
      2)email_friend/write review features long since disabled in my shopping pages.
      3) I'm very concerned, as to alter the code on a module itself, you need access to it via BlueVoda or cPanel, and hence the password for these areas. My password is changed quite regularly, and I thought even a brute attack on it would result in a lockout so to speak.
      I'll submit a ticket and see what response I get.
      Regards
      AndyP

      Comment

      Working...
      X