Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Locate Compromised Site on Server?

Discussion in 'Security' started by Ebad, Jan 6, 2016.

  1. Ebad

    Ebad Registered

    Joined:
    Jul 23, 2015
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Tehran, Iran
    cPanel Access Level:
    Root Administrator
    Hi friends,

    Today my data center suspend my VPS for DDOS attach reasons. they say one of my clients that have WordPress website, start DDOS attach to another websites using xmlrpc. but i didn't know which of my customers abused!

    Please tel me how i can find which of my clients start DDOS attack. because i must terminate that from my VPS.

    Also please tel me how i can prevention from same issue in next?

    Thanks bodies
     
  2. 24x7server

    24x7server Well-Known Member

    Joined:
    Apr 17, 2013
    Messages:
    1,864
    Likes Received:
    89
    Trophy Points:
    78
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Hello :),

    Can you please scan your all account with Linux Malware Detect and check if you have any infected file.

    Also try with following commands

    Code:
    find /home*/*/public_html/ -type f -name ".sd0"
    
    find /home*/*/public_html/ -type f -name "*php" -exec grep -l "/usr/bin/host" {} \;
    Please check it : Outbound wp-login.php brute force attack from my cpanel server
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,762
    Likes Received:
    1,886
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice