CryptPHP malware warning from DataCenter

Status
Not open for further replies.

armin654

Dear cPanel users,
I know that this vulnerability is totally related to WordPress, Joomla and Drupal, and not cPanel itself.

But I have some questions about investigating the issue on CentOS, as I can't manage the network analysis in this case.

This is the warning that we got from the datacenter:


- Removed -


Despite the given instruction in the warning message, my question is how to find out which domain had outgoing traffic to the destination 192.42.116.41.

Which tool do we need to use, and which log do we need to review, to get detailed information about the website which had a connection to the outgoing destination with the IP address "192.42.116.41"?

Any help on this specific case is appreciated. Also, if you have any experience dealing with CryptPHP, please kindly share it here.

Best regards
 

armin654

Re: CryptPHP malware warning from DataCenter

Dear friend,
It is all about me, as I'm managing this server and I have never faced this issue.
I'm trying to read the Exim logs and other logs to find any connection to the mentioned IP address, to find out the reasons.
This is our cPanel server, on which we are hosting many WordPress and Joomla websites.

Please kindly don't remove the warning message, as this topic can help other server owners in the same situation.
 

Infopro

Re: CryptPHP malware warning from DataCenter

There are plenty of threads on these forums and others that you might look into for tips on viewing logs of your system.

cPanel cannot assist you with a compromised server. For that, you should hire an expert.
 