The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Hacked user on server

Discussion in 'Security' started by JohanSvensson, Feb 18, 2014.

  1. JohanSvensson

    JohanSvensson Registered

    Joined:
    Feb 18, 2014
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi!

    Recently one of my clients got hacked, a basic Joomla site with weak password.
    I have been investigating the activity on the account and server, and found some files that have been uploaded.

    They have been spawning a lot of processes with cronjob on the user. The account is Jailed and php is running as the user so I don't thing they have gone any further on my server. Just this user have this type of activity.

    I found one interesting script on my clients account, but its quite hard to "translate" what it's actually doing. (See attached file)
    Someone have any ideas?
     
    #1 JohanSvensson, Feb 18, 2014
    Last edited by a moderator: Feb 18, 2014
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,448
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    I have removed the attachment, no need for that sort of thing on these forums.

    If you're unsure of what to do here, you might consider contacting your Hosting Provider or hire a System Administrator.
     
  3. jpearl

    jpearl Member

    Joined:
    Oct 28, 2011
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    AZ
    cPanel Access Level:
    Root Administrator
    Delete the script, update joomla, delete the bad cron jobs, and see if the issue is resolved.
     
Loading...

Share This Page