web analytics

Blog

“Suspended Page ” defaced in cPanel Server

Tags: cPanelhacked pagesuspended page template

Published on: October 3, 2014 by Vipin R.N

“Suspended Page ” defaced in cPanel Server

Scenario:

Lets call this reseller account xyz. Their account was Suspended on Payment Overdue and remain Suspended until they cleared the dues. The issue was that the Suspended page  hacked and defaced, rather than the Normal one. 

This is how a normal Suspended page looks like :

suspended_real.png

The suspended page hacked looked like 

hacked

Analysis

Web Templates for Default Website Page, Account Move, Connection Selection and Account Suspended would be placed in the directory /var/cpanel/webtemplates/root (For root). In Reseller servers, there would be a sub-directory by the main reseller account name where the templates are stored, for example /var/cpanel/webtemplates/xyz where xyz is the reseller account. 

Possibilities

  • A redirect rule in the .htaccess file of the accounts under reseller would have caused this
  • WHM/cPanel compromised at root level (Less possibility, but if this was for a shared server it may happen)
  • WHM/cPanel compromised at user level (Remember, all reseller accounts has individual WHM access

How was it done

There were no redirect rule in the .htaccess file. The second possibility was ruled out since :

  • It was confirmed that the root templates are not touched
  • Only the users under this specific reseller was affected

I went on and accessed the WHM with the reseller login credentials. The Web Template Editor looked like this

reseller_kacled

A Normal Suspended page Template would look like this :

Suspended_original

If you are proficient in HTML, you can clearly understand the code and know what difference it would make. 

Now I know what would have caused this. This specific reseller’s WHM login credentials was compromised and someone using that login has changed the Suspended Page template. Case Closed 

Category : cPanel, Linux, Troubleshooting

Vipin R.N

Vipin R.N

Vipin is a no-nonsense, disciplined guy who ensures that everything is carried out with the highest level of perfection. Apart from his great coding skills, he is quite interested in advanced server administration, issue analysis, documentation and training. In-depth knowledge in international politics, ammunition and automobiles makes this hard core Manchester United fan, one of the most referenced personalities in the entire team.

You may also read:

Comments

Add new commentSIGN IN

Let's Connect

Get new updates

Categories

$0.000 items