Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Investigating Malware infected websites questions

Discussion in 'Security' started by chetanmadaan, Mar 10, 2017.

  1. chetanmadaan

    chetanmadaan Active Member

    Joined:
    Jun 18, 2010
    Messages:
    34
    Likes Received:
    6
    Trophy Points:
    58
    Hi,

    I have been using cPanel/WHM for a few years now and have been able to figure out a lot of things on m own.

    Almost all the sites I host are on CMSes (Wordpress, Joomla & others) and some of them do get infected from time to time... this is one issue I haven't been able to figure out my self and have to reach back to the host for assistance.

    I would like to know if there is a simple way to figure out the origin of the hack/infection in cases like these.

    For instance, I found a bunch of files under the cPanel account that were most likely not uploaded by FTP and just found there way there.

    Any tips or overall thoughts on this would be appreciated.
     
    #1 chetanmadaan, Mar 10, 2017
  2. Eminds

    Eminds Well-Known Member

    Joined:
    Nov 10, 2016
    Messages:
    267
    Likes Received:
    20
    Trophy Points:
    18
    Location:
    India
    cPanel Access Level:
    Root Administrator
    If you are hosting CMSes sites , you need to make sure the versions of these CMSes are updated. Schedule a weekly scan or daily scan for malwares , malicious files , make sure the permissions are configured properly. These are some tips.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 Eminds, Mar 10, 2017
  3. chetanmadaan

    chetanmadaan Active Member

    Joined:
    Jun 18, 2010
    Messages:
    34
    Likes Received:
    6
    Trophy Points:
    58
    Thanks...

    Yeah, I make sure they are all up to date... one of the things that really quick is that I have CSX running actively and doing scans all the time and sending notifications about it's findings.

    It's just that once every few months/weeks a latest version site would be hacked too and then I can't find anything that would have caused it and just want to know where those files are uploaded from.
     
    #3 chetanmadaan, Mar 10, 2017
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,277
    Likes Received:
    1,846
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    It's difficult to pinpoint the specific vulnerability or exploit used by an attacker to hack your websites. One could speculate on common methods (e.g. symlink attack), but it really requires a qualified system administrator to investigate the logs on your server and determine the source of the attack. There is a thread here where a similar question is asked:

    Log Files To Check After Account Hacked

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #4 cPanelMichael, Mar 12, 2017
(You must log in or sign up to post here.)
Loading...
Similar Threads - Investigating Malware infected
  1. Fbarajas

    Mining malware on customer's site

    Fbarajas, Jun 25, 2018, in forum: Security
    Replies:
    2
    Views:
    62
    cPanelLauren
    Jun 25, 2018
  2. robwebdev

    The site ahead contains malware

    robwebdev, May 27, 2018, in forum: Bind/DNS/Nameserver
    Replies:
    3
    Views:
    90
    cPanelLauren
    May 29, 2018
  3. RoboticPuppies

    Need advice about malware on server

    RoboticPuppies, Apr 30, 2018, in forum: Security
    Replies:
    8
    Views:
    220
    RoboticPuppies
    May 3, 2018
  4. DjordjeB

    Malware tmp folder

    DjordjeB, Dec 21, 2017, in forum: Security
    Replies:
    7
    Views:
    506
    cPanelMichael
    Apr 11, 2018
  5. sepehrmm

    Account infected with malware script

    sepehrmm, Nov 18, 2017, in forum: Security
    Replies:
    2
    Views:
    509
    cPanelMichael
    Nov 20, 2017

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice