| Posted by iWantServer, 09-13-2011, 12:26 AM | | so i just recently purchased a stablehost shared web hosting [basic].
i set up everything and changed all passes on cpanel and stablehost login
my old pass = 32m$a5gHic!@#^.
and im the only who has the access.
but today, i logged in my cpanel as usual.
and i see the last login IP is
209.17.170.10
which is definitely not my ip (i have a static ip).
and if u go on http://209.17.170.10/
its a teamviewer server. is this some kind of attack server?
i also sent several support ticket asking them if they had any info on this.
"We only keep a day's worth of access logs and there were no entries.
Thanks,
"
thats the reply.
i also did a full scan using Kaspersky on my computer which was recently resinstalled as well.
so is this enough to say the server was hacked???
|
| Posted by ssfred, 09-13-2011, 02:19 AM | | Hello
I think it is your hosting support team's IP. They might have accessed it either to resolve your issue or for checking some settings using WHM. You can get the details of the IP using http://whois.arin.net/rest/nets;q=20...&showARIN=true.
|
| Posted by Tyl3r, 09-13-2011, 05:09 AM | | No, the server wasn't hacked . As we mentioned in the ticket, we suggest scanning your own machine for infected viruses and changing email account password.
Last edited by Tyl3r; 09-13-2011 at 05:17 AM.
|
| Posted by TwineDev, 09-13-2011, 05:27 AM | | When you log into cPanel, are you doing it over a secure connection, are you doing it across a secure network? I have seen people go into cPanel without SSL use, and if you go and do that over an open network (ie, "free Wifi"), you can easily be sniffed.
Just some possibilities.
-Greg
|
| Posted by rnts, 09-13-2011, 08:14 AM | | The IP-address is registred to "***********.com" (209.17.170.10 - NET-209-17-170-0-1);
NetRange: 209.17.170.0 - 209.17.171.255
CIDR: 209.17.170.0/23
OriginAS:
NetName: GT-209-17-170-0-CX
NetHandle: NET-209-17-170-0-1
Parent: NET-209-17-128-0-1
NetType: Reassigned
RegDate: 2008-04-04
Updated: 2008-04-04
Ref: http://whois.arin.net/rest/net/NET-209-17-170-0-1
OrgName: ***********.com
OrgId: ESECU-4
Address: 10252 City Parkway, Suite 206
City: Surrey
StateProv: BC
PostalCode: V3T-4C2
Country: CA
RegDate: 2008-03-31
Updated: 2011-04-15
Ref: http://whois.arin.net/rest/org/ESECU-4
Which is a dc/isp, so no, your server does not look like it's hacked, unless you see weird behaviour or higher than normal resource usage you should be ok. If possible you should always run scans for rootkits etc on your server(s) reguarly.
//T
|
| Posted by iWantServer, 09-13-2011, 09:18 AM | | may i know how did 209.17.170.10 get into my cpanel? is it an admin from stablehost? what is it ?
cuz im using a home wired network thats not the same ip as this one.
and im the only one has the info to cpanel?
|
|
 Add to Favourites
 Print this Article
|
