The Community Forums


Locate Compromised Site on Server?

Discussion in 'Security' started by Ebad, Jan 6, 2016.

  1. Ebad

    Hi friends,

    Today my data center suspended my VPS for DDoS attack reasons. They say one of my clients that has a WordPress website started a DDoS attack on other websites using xmlrpc, but I don't know which of my customers abused it!

    Please tell me how I can find which of my clients started the DDoS attack, because I must terminate them from my VPS.

    Also, please tell me how I can prevent the same issue in the future.

    Thanks, buddies
     
  2. 24x7server

    Hello :),

    Can you please scan all your accounts with Linux Malware Detect and check whether you have any infected files?

    Also try the following commands:

    Code:
    find /home*/*/public_html/ -type f -name ".sd0"
    
    find /home*/*/public_html/ -type f -name "*php" -exec grep -l "/usr/bin/host" {} \;
    Please also check this thread: Outbound wp-login.php brute force attack from my cPanel server
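
A complementary check to the file scans above, added here as an example and not part of any post in this thread: rank each site's access log by POST requests to xmlrpc.php, then list the busiest client IPs for the top site. It assumes the abuse shows up as POSTs to xmlrpc.php in the affected site's own log and that the directory passed in holds one combined-format log per domain (on cPanel servers typically the Apache domlogs directory); the function names and sample log lines are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: rank per-domain access logs by POSTs to xmlrpc.php.
# Assumes one combined-format log file per domain in the directory given.

# Print "<count> <logfile>" for every log with at least one POST to xmlrpc.php.
xmlrpc_post_counts() {
    local logdir f n
    logdir=$1
    for f in "$logdir"/*; do
        [ -f "$f" ] || continue
        # Combined log format: $1 = client IP, $6 = "METHOD, $7 = request path
        n=$(awk '$6 == "\"POST" && $7 ~ /\/xmlrpc\.php([?]|$)/ {c++} END {print c+0}' "$f")
        if [ "$n" -gt 0 ]; then printf '%s %s\n' "$n" "$(basename "$f")"; fi
    done | sort -rn
}

# Print "<count> <client IP>" for the busiest xmlrpc.php posters in one log.
top_sources() {
    awk '$6 == "\"POST" && $7 ~ /\/xmlrpc\.php([?]|$)/ {c[$1]++}
         END {for (ip in c) print c[ip], ip}' "$1" | sort -rn | head -n "${2:-10}"
}

# Constructed sample logs (documentation IPs and domains), for an offline run.
make_sample_logs() {
    local d i
    d=$(mktemp -d)
    for i in 1 2 3 4 5; do
        printf '198.51.100.7 - - [06/Jan/2016:10:00:0%s +0000] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "-"\n' "$i"
    done > "$d/shop.example.com"
    printf '%s\n' \
        '203.0.113.9 - - [06/Jan/2016:10:00:09 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "-"' \
        '192.0.2.10 - - [06/Jan/2016:10:01:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"' \
        >> "$d/shop.example.com"
    printf '%s\n' \
        '192.0.2.11 - - [06/Jan/2016:10:02:00 +0000] "GET /xmlrpc.php HTTP/1.1" 405 42 "-" "-"' \
        '192.0.2.12 - - [06/Jan/2016:10:02:05 +0000] "POST /wp-login.php HTTP/1.1" 200 2100 "-" "-"' \
        '192.0.2.13 - - [06/Jan/2016:10:02:09 +0000] "POST /blog/xmlrpc.php HTTP/1.1" 200 370 "-" "-"' \
        > "$d/blog.example.org"
    echo "$d"
}

# Demo: run the script with --demo to see the ranking on the sample logs.
if [ "${1:-}" = "--demo" ]; then
    d=$(make_sample_logs)
    xmlrpc_post_counts "$d"      # 6 shop.example.com, then 1 blog.example.org
    top_sources "$d/shop.example.com"
    rm -rf "$d"
fi
```

A site whose count is far above the rest is the first account to inspect with the malware scan and `find` commands from the post above.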
     
  3. cPanelMichael
