afridy — 2012-06-08T17:01:44-04:00 — #1
we are a reseller provider. we are having a shared reseller hosting account at (somehostingcompany).
recently all our client site hacked through whmcs and all home pages are defaced.
our reseller provider not helping us to restore the hacked websites form the backup.
so now i wanted to do somthing by myself.
now all the hacked sites redirects to http://www.clientsite.com/cgi-sys/defaultwebpage.cgi
I have no idea how to change this to client default index.php or index.html page
i found the hackers default page at WHM>Account functions > template editor and deleted in our WHM Panel.
but still those sites are redirecting to the above link only. please help me to get rid of this fefaultwebpage.cgi thing.
dklynn — 2012-06-08T19:50:39-04:00 — #2
Change ALL your passwords and use VERY strong passwords (http://strongpasswordgenerator.com).
DELETE all files from your website(s).
Upload all files from your own master copy, NOT from backups on the server!
If you're using PHP as a cgi module, change to SuPHP to eliminate an attack mode.
Review all your scripts for poor coding practices.
afridy — 2012-06-09T00:49:52-04:00 — #3
Thank you for the answer and ill try your suggessions...