
1) Brute force - We can use the Hydra tool to get the password of cPanel or FTP, or use a brute-force script: http://www.hack0wn.com/view.php?xroot=80.0&cat=sources
2) Using exploits - Some cPanel installations are vulnerable and can be hacked using exploits like http://www.facebook.com/l.php?u=http%3A%2F%2Fwww.exploit-db.com%2Fexploits%2F11211%2F&h=4d359OYLLDE40SEdximoxHyk4CA , http://www.exploit-db.com/exploits/14188/
3) Other methods - You can reset cPanel access using server rooting.
4) One more method of hacking is from the victim's side. If the victim uses the cPanel password, or stores it on his computer, then you can use RAT tools to access his PC to get the password.
You can also use one of the following ways:
1) If the domain is propagated, you can access your cPanel in the following ways:
http://www.yourdomain.com/cpanel
http://www.yourdomain.com:2082
2) If the domain name has not yet propagated, you can use your shared hosting or dedicated hosting IP address:
Example:
http://207.44.249.160/cpanel
http://207.44.249.160:2082
If you cannot log in to cPanel reseller hosting, make sure to replace “yourdomain” with your domain name and to include the “/” at the end of the address. If your account is new, you will need to use your shared or dedicated hosting IP instead of “yourdomain” until the domain name has propagated.
What are the different error pages that we get in cPanel hosting?
Error pages are the pages that show up when a web page viewer makes an incorrect request, for example a 404 error page if they try to go to a page which does not exist on your site.
400 – Bad Request
401 – Authorization Required
403 – Forbidden
404 – Page Not Found
500 – Internal Server Error
How to view disk usage per directory?
Click on “Disk usage” and you can see the disk space used by all your directories in megabytes.
Will the cPanel web hosting work before I transfer the name servers?
After you sign up with a hosting company you will receive your welcome e-mail which contains your account information such as IP address, username, password, control panel URL and other necessary information in order for you to get started. Then you can log in to your control panel, regardless of whether your domain is already pointed to the name servers of the hosting company or not. The website can be accessed for the meantime in the following way:
http://servername.eukhost.com/cpanel
Basic cPanel VPS Security Measures
As server technology moves on and becomes more modern, the threats that face both Windows and Linux servers are becoming stronger, meaning that they still pose a serious threat to even the most secure of web hosting servers. Many Linux based servers in the web hosting industry will be using the cPanel control panel so that clients of the web hosting providers concerned are able to manage their web hosting accounts, and so that the system administrators are able to manage the web hosting servers through a web browser. And as server technology moves forward and becomes cheaper, many users are upgrading their existing web hosting packages to VPS servers so that they can take advantage of the fact that they have their own resources; however, with this come many users who are unable to secure their servers to such an extent that most attackers won’t be able to gain entry. Web hosting providers will in most cases offer you basic assistance when it comes to securing your server, but it’s the smaller things such as keeping your server software updated that can make a difference.
However, whether you are good with managing servers or not, there are still several different actions that you can take to ensure that your server is secure to an acceptable level.
The main steps that you will need to take to secure your cPanel VPS server to an acceptable level are really quite basic, and you may have software such as a firewall installed on your local desktop computer. If you are unsure as to any steps then your web hosting provider should have a support team that is able to install such security components for you. The main security components that you will be installing on your cPanel VPS will include:
• CSF Firewall
• RKHunter
• SIM (System Integrity Monitor)
• LES (Linux Environment Security)
We will also discuss the basic hardening of both PHP and Apache since, if left unmodified, both of these can be used to gain access to an insecure server. There are also measures that you can take to secure the MySQL database server.
Installing CSF, LES and SIM
CSF is a popular firewall in the web hosting industry since it integrates very well with the WHM side of the cPanel/WHM Linux control panel suite. When configured correctly CSF will block any IP addresses/hostnames that attempt to attack your VPS in any way; for example, you may find that a bot is trying to attack your server by trying to access a certain service using different username and password combinations – after a certain amount of failed logins, LFD (logon failure daemon) which comes with CSF will automatically block the attacking IP. Installing CSF really is a piece of cake; all you need to do for the basic installation is run the following commands in an SSH window:
• wget http://www.configserver.com/free/csf.tgz
• tar -xzf csf.tgz
• cd csf
• sh install.sh
Once you have done that, you will find that CSF has been successfully installed and can be managed through the WHM control panel. All you need to do is scroll down to the bottom of the left hand menu and select it from under the ‘Plug-Ins’ menu. However, in some cases you may find that your cPanel server already has another firewall combination installed – APF and BFD; in order for CSF to work you will need to remove both of these. To do so, run the following command from the CSF folder in your terminal window:
• sh remove_apf_bfd.sh
Once initially installed, CSF will be running in what is called ‘testing’ mode, which means that it isn’t doing its assigned job – protecting your server from malicious attackers. From here you will need to configure CSF yourself using the configuration file, and once you are happy with your modifications you only need to set the ‘TESTING’ variable in the configuration file from its current value of ‘1’ to ‘0’, which will then put the firewall into action once it has been restarted.
LES and SIM aren’t as important to use as CSF may be, but both still have their uses when it comes down to the security of your server and the monitoring of it. The purpose of LES is to prevent any environment based attacks, i.e. attacks which may stem from bugs or security holes that may exist in files that are hosted on your cPanel server. SIM is responsible for the monitoring of your system resources and the important programs that you may have running on your system and will notify you of any problems.
Installing and Configuring Rootkit Hunter (RKHunter)
Rootkit Hunter is probably one of the most useful applications that you can have installed on your cPanel VPS server.
Although rootkits can’t be removed in most cases simply because they are installed into system files, RKHunter will still notify you of any rootkits that may exist in your system so that you can take the necessary steps to reload your cPanel server. Rootkit hunter is both easy to install and configure, and the best thing about it is that you can configure it to do daily scans to ensure that if any rootkits are discovered they aren’t able to affect your server too much. The main steps for installing RKHunter are:
• wget http://downloads.sourceforge.net/rkhunter/rkhunter-1.3.2.tar.gz
• tar -xzf rkhunter-1.3.2.tar.gz
• cd rkhunter-1.3.2
• ./installer.sh
Once you have RKHunter installed it may be useful to schedule it to do daily scans and to update itself on a regular basis so that you don’t have to. In order to schedule it to do a daily scan you should follow these steps:
• vi /etc/cron.daily/rkhunter.sh (press ‘shift + I’ to make the file editable)
• (/usr/local/bin/rkhunter --update && /usr/local/bin/rkhunter -c --cronjob 2>&1 | mail -s "RKhunter Scan Details" email@domain.com) – (replace email@domain.com with your own email address)
• press ‘esc’ and then type ‘:wq’, and your file will be saved
• chmod 700 /etc/cron.daily/rkhunter.sh
By following the steps above you configure RKHunter to run a daily scan, the results of which are emailed to you; the same script also does a daily update check.
Securing the /tmp Partition
Some of the attacks and exploits that can take place against any Linux server normally take place within the /tmp directory which is why it is incredibly important that you secure this one directory/partition. If you are running cPanel on a dedicated Linux hosting server then you simply need to run the following command to secure /tmp:
• /scripts/securetmp
However, it is a different matter on cPanel VPS servers since the above script doesn’t work on most Virtuozzo based VPS servers. In order to mount/secure /tmp on a cPanel VPS hosting server, you will need to add the following line to ‘/etc/fstab’:
• none /tmp tmpfs nodev,nosuid,noexec 0 0
By mounting /tmp with noexec and nosuid we ensure that executables cannot be run directly from the /tmp directory and that setuid bits on files there are ignored.
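The CSF ‘TESTING’ flag and the /tmp mount options described above can both be verified after the fact. The following script is an added example, not part of the original article: it reports whether CSF is still in testing mode and which of nodev, nosuid and noexec the /tmp mount lacks. The csf.conf path /etc/csf/csf.conf, the function names and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Paths and names are assumptions.

# True (exit 0) when csf.conf still contains TESTING = "1".
# TESTING_INTERVAL and commented-out lines do not match.
csf_testing_enabled() {
    grep -Eq '^[[:space:]]*TESTING[[:space:]]*=[[:space:]]*"?1"?[[:space:]]*$' "$1"
}

# Prints which of nodev/nosuid/noexec the /tmp mount lacks, "unmounted" when
# /tmp is not a separate mount, and nothing when all three are set.
# Works on /proc/mounts and /etc/fstab (same column layout).
tmp_missing_opts() {
    awk '$2 == "/tmp" { opts = $4; found = 1 }   # last entry is the active mount
         END {
             if (!found) { print "unmounted"; exit }
             n = split("nodev nosuid noexec", want, " ")
             for (i = 1; i <= n; i++)
                 if (("," opts ",") !~ ("," want[i] ","))
                     out = out (out == "" ? "" : " ") want[i]
             if (out != "") print out
         }' "${1:-/proc/mounts}"
}

# Runs both checks; returns 1 if either fails.
audit() {
    csf=${1:-/etc/csf/csf.conf}; mounts=${2:-/proc/mounts}; rc=0
    if [ ! -r "$csf" ]; then
        echo "WARN: cannot read $csf (is CSF installed?)"
    elif csf_testing_enabled "$csf"; then
        echo "FAIL: CSF is in TESTING mode; set TESTING to 0 and restart it"; rc=1
    fi
    missing=$(tmp_missing_opts "$mounts") || missing="unreadable"
    if [ -n "$missing" ]; then
        echo "FAIL: /tmp mount problem: $missing"; rc=1
    fi
    return $rc
}

# Constructed sample data so the example runs offline.
demo=$(mktemp -d)
printf 'TESTING = "1"\nTESTING_INTERVAL = "5"\n' > "$demo/csf.conf"
printf 'none /tmp tmpfs rw,nosuid,nodev 0 0\n' > "$demo/mounts"
audit "$demo/csf.conf" "$demo/mounts" || echo "hardening incomplete"
rm -rf "$demo"
```

On a real server, calling `audit` with no arguments checks /etc/csf/csf.conf and /proc/mounts.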
Securing Apache/PHP
There are certain measures that you can take to ensure that any installations of PHP or Apache that you may have are secure. The most obvious measure you can take is to ensure that any installations that you have of either are up-to-date so that any security holes that there may have been in older versions have been fixed on your own server. In terms of Apache you should ensure that you have specific modules installed such as mod_security which will prevent any web based injection attacks and mod_evasive which will prevent any web based brute force attacks.
Mod_security can be installed by recompiling Apache through the ‘EasyApache’ interface which is now included with all new cPanel installations. By re-compiling Apache you can also update PHP to the latest version that is available. Through EasyApache you can also re-compile PHP with Suhosin, which will add another layer of security to any PHP scripts that you may be hosting. Another important step to carry out is the enabling of PHP SuExec, which can be done through the WHM control panel by following these steps:
• under the ‘Service Configuration’ section of the left menu select ‘Apache Configuration’
• select ‘PHP and SuExec Configuration’
• under ‘Alter Configuration’ set Apache SuExec to ‘On’
You should also disable certain dangerous PHP functions on your cPanel server to ensure that any insecure PHP scripts that you are hosting won’t be able to compromise the security of your entire server. In order to do so, you should follow these steps:
• php -i | grep php.ini
• vi /usr/local/lib/php/php.ini
• in your PHP configuration file you should look for the ‘disable_functions’ line
• once you have found it, change it to: disable_functions = "system,passthru,exec,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,highlight_file,escapeshellcmd,define_syslog_variables,posix_uname,posix_getpwuid,apache_child_terminate,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,escapeshellarg,posix_uname,ftp_exec,ftp_connect,ftp_login,ftp_get,ftp_put,ftp_nb_fput,ftp_raw,ftp_rawlist,ini_alter,ini_restore,inject_code,syslog,openlog,define_syslog_variables,apache_setenv,mysql_pconnect,eval,phpAds_XmlRpc,phpAds_remoteInfo,phpAds_xmlrpcEncode,phpAds_xmlrpcDecode,xmlrpc_entity_decode,fp,fput"
• save the file
• restart Apache (service httpd restart)
Note that eval is a PHP language construct rather than a function, so its entry in disable_functions has no effect.
You should also set a MySQL root password through the ‘Set Root Password’ option that is located under the ‘SQL Services’ menu.
Conclusion
Now that you have followed the basic steps to secure your cPanel VPS, you can be safe in the knowledge that malicious attackers are highly unlikely to be able to gain access to it in any way. However, it is still down to you to ensure that all the security software amongst other programs that you have installed on your VPS server is kept up-to-date. You should also monitor your VPS hosting server externally since then you will know if your VPS crashes but most importantly if anyone gains unauthorised access to it. If you are the only one using the server then you should also ensure that any PHP files or scripts that you are running are unaffected by any security features that you enforce but mainly that the actual coding itself is secure and can’t be injected.
cPanel is one of the most popular control panels in the world today. cPanel is used for the maintenance of the website and the web server. cPanel has a very good graphical user interface (GUI) which makes it very easy to use for all its users.
Anyone who is new to this field of web hosting and website development can design and develop a professional website using cPanel. By using cPanel, you will have complete control over your website. It is one of the most reliable control panels in the world today. cPanel even supports PHP, Front Page, MySQL, Fantastico, and many more exciting web applications and features.
cPanel has a feature that gives you all the important statistics about your web server. For example, the bandwidth and disk space usage, web traffic details, domain and sub-domain details, the places from where your web traffic comes to your website and to which web pages, how long the web traffic stays on which web page, and much more.
cPanel also offers some of the most important add-ons and great web tools like Fantastico Deluxe, which contains easy installation of some of the most important applications like the content management system Joomla, which can be directly installed using this control panel.
Fantastico Deluxe allows you to install some very important web scripts with the help of just a few mouse clicks. Also, installing these web scripts is very easy even for novices, and you do not need to have extensive knowledge about the process of installing these advanced web scripts and applications. Using cPanel, you can perform many important tasks. cPanel also makes the web programming and the coding of the website much easier.
As stated earlier, cPanel has a graphical user interface. It makes difficult tasks much easier. For example, deleting a whole table from your database, setting passwords to some parts of your website, changing the content of your website, and much more can be done quite easily. cPanel even allows you to change the interface of the control panel according to your needs.
As cPanel is one of the most popular control panels used, and online marketers make use of cPanel web hosting, there are many advanced compatible software packages, applications and scripts available to be used along with the powerful cPanel. It provides advanced scalability of your website.
Many web hosting service providers even provide some very powerful custom-made web designing tools. Some control panels provide only some of the basic features like managing web files, creating email accounts, creating sub domain names, etc.
However, cPanel provides much more sophisticated features when compared to the other control panels. For example, cron jobs, MIME types, Apache handlers, add or remove email accounts, auto-responders, and much more.
cPanel also provides PHPMyAdmin for database management, can install Front Page extensions, redirect mail and URL, create FTP accounts, etc. All these exciting applications and tools are included with cPanel for the benefit of the users.
If you have a personal website or even a small online business, then cPanel is the best control panel that you can choose for your website for its ease of use and its powerful features.