• Resolved Rex

    (@rex511)


    So this is my case:
    I’ve bought a host from hostgator, with the linux cpanel years ago, I’ve used this plugin like forever, just this one for security and firewalls. 2 of my sites got hacked and redirected to spam sites, I have no idea how, this plugin is supposed to set up to ban non existent user names, and the existent only one had a name like “fundaadmempresa” with a pass like “asf$vhhs$$!!!”, also changed the log in from “wp-admin” to “fund-adm-gm852” so there was no way to brute force the sites; then in the cPanel, in the Domains > Redirects, a guy from hostgator support told me there were some weird rules, he tried to clean them out but he couldn’t, so he told me the host was hacked; anyhow, instead of cleaning the sites and host, the host renewal is on may, so I opted to buy a new host, rebuilding the webs from scratch and cancel the old one, with a new email, account, etc., (I use macOS Mojave, I have my firewall hyper secured, the credentials are only on my computer, no email, no way to discover or hack them). 
    I haven’t created the main domain because the host’s purpose was only to host the addon domains, so there I was, with the new host, creating the first add-on domain, installing wordpress and adding this security plugin, and I noticed something weird, the Domains > Redirects rules were there, the same ones that the guy from IT told me that were hacked, this new host was untraceable, so I began to search, and found that those rules were the 403 that this all in one wp security added to the .htaccess, again, there was only 1 addon domain, not even the main domain, so now, I’m breaking my mind thinking how the hell, those rules were installed, in that way that those affected and modified the CPANEL, I get this addon can modify the phpmyadmin for the database, but modify the 403 redirect from the very own cPanel it’s just weird, now I fear that those rules could be target of some bot to install malware or something, like in the old sites, so does anyone have any idea if those rules can be target of hacking or something like that? Is there a way to remove them from the cPanel without removing them from the htaccess? How in the hell the htaccess from an addon domain can modify the cPanel like that?


Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Contributor wpsolutions

    (@wpsolutions)

    Hi @rex511,
    Sorry to hear about your ordeal.
    Something which you should be aware of in general is that no security plugin will be the magic bullet to stop your site from being hacked.
    Yes, security plugins can mitigate the chances of your wordpress site being hacked, but there are so many levels via which someone can hack you that it is near impossible for a wordpress plugin to plug all of those holes.

    Now you say that your cpanel account appears to have been compromised. This plugin is primarily concerned with wordpress protection and does not actually provide specific protection for your cpanel login (which is actually controlled by your host provider).

    Regarding wordpress protection – I’ve seen numerous instances where people install unofficial “free” premium plugins/themes which are infected with malware and which in turn infect the webserver’s file system. Could it be that maybe you installed a tainted plugin/theme?

    Thread Starter Rex

    (@rex511)

    It seems you haven’t read the whole thing, 1 day after creating the new email, buying the new host, within this new host, with no themes installed, with no plugins installed; only the addon domain, wp from the cpanel’s quick install, and only this free “all in one wp security” installed, the moment I configured the firewall, the rules in the htaccess, the same cPanel > Domains > Redirects 403 rules appeared, so I don’t believe it’s a coincidence, but you may be onto something, as this plugin is free, may it be infected with malware maybe?

    Plugin Contributor wpsolutions

    (@wpsolutions)

    Hi @rex511,
    Sorry I might’ve missed the part where you said “with no themes installed, with no plugins installed”, but what I was trying to say was that one way people get infected is by installing an infected plugin.

    may it be infected with malware maybe?

    No, this plugin does not have malware.
    Like I said before, there are quite a few ways in which your server may have been hacked, and in this case it looks like they got into your cpanel settings, which this plugin cannot protect but your host provider can.

    Thread Starter Rex

    (@rex511)

    I think you missed a lot of parts, mainly the one that a completely new host, a new cpanel, with just 1 day of use, no free themes, with just this free plugin, no other things rather a clean install of wp and this free plugin again, and the moment I installed the plugin, the cPanel > Domains > Redirects 403 rules appeared, then I uninstalled the wp from the cpanel (+databases), it also uninstalled this free plugin, and the 403 rules were gone… So there are just 2 options, or your plugin installed those rules on the cPanel or your free plugin is infected with malware by being free, you’ve said it yourself you’ve seen free plugins infected, could it be this is happening here?

  • The topic ‘cPanel Redirect 403 from an add-on domain’ is closed to new replies.