Looking for an exploited site

R

Remitur

Active Member
Jan 17, 2018
35
3
8
Ljubljana
cPanel Access Level
Root Administrator
Hello.

I got an abuse alert, which "something" on my cpanel server is trying a brute force against a WordPress site...
Cool: I have the target IP and host, I have few hundereds of log lines, and I guess that the responsible is one of about 300 different WordPress sites which are hosted on my server.

The question is: where can I look to understand what's the exploited site who is trying the attack?!
 
GOT

GOT

Get Proactive!
PartnerNOC
Apr 8, 2003
1,772
326
363
Chesapeake, VA
cPanel Access Level
DataCenter Provider
First thing to check is the output of px auxf and see if htere are rogue processes running and who owns them. Their names are usually misleading, but if you know what is supposed to be there they should stand out. They will also usually have long processor times attached to them.
 
cPanelMichael

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,880
2,258
463
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
Spirogg SOLVED looking in /opt I see ai-bolit - but I cannot access that directory via root access of my server? Security 7
A Looking for Suspicious Files Question Security 5
R Looking for Security Hardening Service Security 3
R Looking for a Modsecurity Rule that Would Block the IP After a Certain Amount of 403 Errors Security 2
T looking to secure up my server Security 4
Similar threads
SOLVED looking in /opt I see ai-bolit - but I cannot access that directory via root access of my server?
Looking for Suspicious Files Question
Looking for Security Hardening Service
Looking for a Modsecurity Rule that Would Block the IP After a Certain Amount of 403 Errors
looking to secure up my server
Top Bottom