CryptPHP malware warning from DataCenter

Discussion in 'Security' started by armin654, Nov 23, 2014.

Thread Status:
Not open for further replies.
  1. armin654

    armin654 Well-Known Member

    Joined:
    Feb 12, 2014
    Messages:
    45
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Dear cPanel users,
    I know that this vulnerability is totally related to WordPress, Joomla and Drupal, and not cPanel itself.

    But I have some questions about investigating the issue on CentOS, as I can't manage the network analysis in this case.

    This is the warning that we have got from the datacenter:


    - Removed -


    Despite the given instruction in the warning message, my question is how to find out which domain had outgoing traffic to the destination 192.42.116.41.

    Which tool do we need to use, and which log do we need to review, to get detailed information about the website that had a connection to the outgoing destination with the IP address "192.42.116.41"?

    Any help on this specific case is appreciated. Also, if you have any experience dealing with CryptPHP, please kindly share it here.

    Best Regards
     
    #1 armin654, Nov 23, 2014
    Last edited: Nov 23, 2014
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,482
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    re: CryptPHP malware warning from DataCenter

    Please continue working with your Hosting Provider on this issue.
     
  3. armin654

    armin654 Well-Known Member

    Re: CryptPHP malware warning from DataCenter

    Dear friend,
    It is all about me, as I'm managing this server and I haven't ever faced this issue.
    I'm trying to read the Exim logs and other logs to find any connection to the mentioned IP address and find out the reasons.
    This is our cPanel server, on which we are hosting many WordPress and Joomla websites.

    Please kindly don't remove the warning message, as this topic can help other server owners in the same situation.
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Re: CryptPHP malware warning from DataCenter

    There are plenty of threads on these forums and others that you might look into for tips on viewing logs of your system.

    cPanel cannot assist you with a compromised server. For that, you should hire an expert.
     