Looking for an exploited site

Remitur

Active Member
Jan 17, 2018
32
2
8
Ljubljana
cPanel Access Level
Root Administrator
Hello.

I got an abuse alert, which "something" on my cpanel server is trying a brute force against a WordPress site...
Cool: I have the target IP and host, I have few hundereds of log lines, and I guess that the responsible is one of about 300 different WordPress sites which are hosted on my server.

The question is: where can I look to understand what's the exploited site who is trying the attack?!
 

GOT

Get Proactive!
PartnerNOC
Apr 8, 2003
1,542
207
343
Chesapeake, VA
cPanel Access Level
DataCenter Provider
First thing to check is the output of px auxf and see if htere are rogue processes running and who owns them. Their names are usually misleading, but if you know what is supposed to be there they should stand out. They will also usually have long processor times attached to them.