CryptPHP malware warning from DataCenter

Discussion in 'Security' started by armin654, Nov 23, 2014.

Thread Status:
Not open for further replies.
  1. armin654

    armin654 Well-Known Member

    Joined:
    Feb 12, 2014
    Messages:
    45
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Dear cPanel users,
    I know that this vulnerability is totally related to WordPress, Joomla and Drupal, and not cPanel itself.

    But I have some questions about investigating the issue on CentOS, as I can't manage the network analysis in this case.

    This is the warning that we got from the datacenter:


    - Removed -


    Despite the given instruction in the warning message, my question is how to determine which domain had outgoing traffic to the destination 192.42.116.41.

    Which tool do we need to use, and which log do we need to review, to get detailed information about the website that had a connection to the outgoing destination with the IP address "192.42.116.41"?

    Any help on this specific case is appreciated. Also, if you have any experience dealing with CryptPHP, please kindly share it here.

    Best Regards
     
    #1 armin654, Nov 23, 2014
    Last edited: Nov 23, 2014
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,480
    Likes Received:
    421
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    re: CryptPHP malware warning from DataCenter

    Please continue working with your Hosting Provider on this issue.
     
  3. armin654

    armin654 Well-Known Member

    Re: CryptPHP malware warning from DataCenter

    Dear friend,
    It is all about me, as I'm managing this server and I haven't ever faced this issue.
    I'm trying to read the Exim logs and other logs to find any connection to the mentioned IP address and find out the reasons.
    This is our cPanel server, on which we are hosting many WordPress and Joomla websites.

    Please kindly don't remove the warning message, as this topic can help other server owners in the same situation.
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Re: CryptPHP malware warning from DataCenter

    There are plenty of threads on these forums and others that you might look into for tips on viewing logs of your system.

    cPanel cannot assist you with a compromised server. For that, you should hire an expert.
     