How to Analyse a Bash Script or System like what does they are creating

azadhussnain

Member
May 28, 2020
17
0
1
India
cPanel Access Level
Root Administrator
Hello, my client's servers are suffering from a malware script
They ran a script and then their server is not working properly.
I want to know how can I see that the script created which files , what the script changed in my server . I want to analyse that script so that i can fix the issue
is there any method?
 
Last edited by a moderator:

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
3,186
398
243
cPanel Access Level
Root Administrator
Hey there! I'm sorry to hear about this malware on your system. Was the script run as the root user or was it run under the files of an individual cPanel user? That would drastically change how this should be handled.

If the issue is with a specific cPanel user, and you know the location of the script, it might be possible to read through it and see what was modified on the domain. It may be easier to copy all the domain's files to another area on the system and then restore the account to an earlier state, and use the two versions to compare what has been changed.

If the issue happened at the root level of the server, the only secure way to fix the issue is to migrate your domains to a new machine with a fresh install of the operating system and cPanel.