Author Topic: Server Somehow Got Hacked  (Read 1299 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
Server Somehow Got Hacked
« on: September 23, 2025, 07:47:52 PM »
When I'm open any website it's working file and looking all ok. but if I change the user agent to google bot then it shows a spam betting app page.
i deleted all the files from the public_html directory but still it display the same page when I set the useragent as google bot.. but if open normally it shows forbidden as it should be..

Any idea where could the the issue is? I'm facing this issue after I did setup the new server on 6th sep. I installed nothing extra on the server from third party website except csf firewall from the github repo.

Offline
*****
Re: Server Somehow Got Hacked
« Reply #1 on: September 23, 2025, 09:18:46 PM »
If you want to PM me the connection details, I could take a look on your behalf.

Offline
*****
Re: Server Somehow Got Hacked
« Reply #2 on: September 25, 2025, 06:38:34 AM »
I'm trying to track these PHP Injection attacks.

Please advise the following:

What distro are you running CWP on?
What PHP version?

If you don't want it public, you can PM me also.

Thanks

Offline
*
Re: Server Somehow Got Hacked
« Reply #3 on: September 25, 2025, 12:55:33 PM »
I'm trying to track these PHP Injection attacks.

Please advise the following:

What distro are you running CWP on?
What PHP version?

If you don't want it public, you can PM me also.

Thanks

Almalinux 8
PHP Version: Default PHP version: 5.6.37 (Forced PHP-FPM: 8.3)

Offline
*
Re: Server Somehow Got Hacked
« Reply #4 on: September 25, 2025, 12:58:40 PM »
If you want to PM me the connection details, I could take a look on your behalf.

please do not mind.. it's hard to share these details. hope you understood..

Thank you

Offline
*
Re: Server Somehow Got Hacked
« Reply #5 on: September 25, 2025, 01:33:00 PM »
Are you talking about the server itself or just a account?
if is just a account, probably is related with THAT account or website in it.

Offline
*****
Re: Server Somehow Got Hacked
« Reply #6 on: September 25, 2025, 03:57:03 PM »
Do you want to PM the domain name in question so we can see the page, look at the code -- or have you already done that?

Offline
*
Re: Server Somehow Got Hacked
« Reply #7 on: September 25, 2025, 04:09:18 PM »
all of the website in the server is same.. it's not for perticuler domain.. even If I delete all the files from a purticuler domain.. still showing spam page
example

for example.com I deleted all the files inside public_html/* complete blank public_html directory.. but if I view the website as google bot it'll show me the spam page.. but if I open it normally it's show forbidden as it should be..

Offline
*
Re: Server Somehow Got Hacked
« Reply #8 on: September 25, 2025, 04:11:16 PM »
Do you want to PM the domain name in question so we can see the page, look at the code -- or have you already done that?

my question is how could even a blank directory can show a web page when I change the user agent to googlebot (via browser developer tool)

BTW it has been fixed now by the CWP support team.. still I would like to know how it happen...
« Last Edit: September 25, 2025, 04:13:51 PM by gbyteinfotech »

Offline
*
Re: Server Somehow Got Hacked
« Reply #9 on: September 25, 2025, 07:52:41 PM »
CWP Support found malware in the Apache server due to an old version.

Offline
*****
Re: Server Somehow Got Hacked
« Reply #10 on: September 25, 2025, 09:18:18 PM »