Investigating Malware infected websites questions

[chetanmadaan]

Hi,

I have been using cPanel/WHM for a few years now and have been able to figure out a lot of things on m own.

Almost all the sites I host are on CMSes (Wordpress, Joomla & others) and some of them do get infected from time to time... this is one issue I haven't been able to figure out my self and have to reach back to the host for assistance.

I would like to know if there is a simple way to figure out the origin of the hack/infection in cases like these.

For instance, I found a bunch of files under the cPanel account that were most likely not uploaded by FTP and just found there way there.

Any tips or overall thoughts on this would be appreciated.

 

[Eminds]

If you are hosting CMSes sites , you need to make sure the versions of these CMSes are updated. Schedule a weekly scan or daily scan for malwares , malicious files , make sure the permissions are configured properly. These are some tips.

 

[chetanmadaan]

Thanks...

Yeah, I make sure they are all up to date... one of the things that really quick is that I have CSX running actively and doing scans all the time and sending notifications about it's findings.

It's just that once every few months/weeks a latest version site would be hacked too and then I can't find anything that would have caused it and just want to know where those files are uploaded from.

 

[cPanelMichael]

Hello,

It's difficult to pinpoint the specific vulnerability or exploit used by an attacker to hack your websites. One could speculate on common methods (e.g. symlink attack), but it really requires a qualified system administrator to investigate the logs on your server and determine the source of the attack. There is a thread here where a similar question is asked:

Log Files To Check After Account Hacked

Thank you.