My server at knownhost was just hacked - Instead of one or more sites getting hacked, they actually installed a new installation of Ubuntu on the server. This essentially erased all content from the server including all web sites, ftp, email, cpanel accts, etc.
The WHM and cpanel passwords were heavily encripted - passwords something like "lzCZCv(lZ5gBtjw2iAuAOh0q"
What access would they have needed to completely wipe a server and then install a new OS ? My OS "was" centos" before it was wiped and replaced with Ubuntu
I don't think it could have been done thru any of the websites on that server, and I don't think a new OS can be installed via cpanel. Am I wrong?
I am thinking that it had to come via WHM or SSH. Your thoughts?
The WHM and cpanel passwords were heavily encripted - passwords something like "lzCZCv(lZ5gBtjw2iAuAOh0q"
What access would they have needed to completely wipe a server and then install a new OS ? My OS "was" centos" before it was wiped and replaced with Ubuntu
I don't think it could have been done thru any of the websites on that server, and I don't think a new OS can be installed via cpanel. Am I wrong?
I am thinking that it had to come via WHM or SSH. Your thoughts?