
My cPanel server is compromised

Discussion in 'Security' started by webguyz, Mar 22, 2014.

  1. webguyz

    Noticed a huge spike in my inbound traffic recently and noticed that it was the IP of my shared cPanel server. Looking at my lanalyzer, it showed a lot of DNS queries and then a lot of queries to port 80 on all kinds of websites from the IP of my cPanel server.

    I ran the top utility to see if I could find anything, and the only thing I saw was a cPanel user who was running 'phpize' for several hours.

    It appears to me that something is on my system that is looking for vulnerabilities on other servers.

    Not sure where to start looking for something like this. I looked at the logs of the user that was running this phpize and don't see anything in the error_logs.
     


  2. 24x7server

    Hello,

    I suggest that you check your server through: Determine Your System's Status

    Also, you can scan your server with Linux Malware Detect (LMD). You will get all the infected files in the maldet scan report.
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello :)

    Do you have any firewall management utilities such as CSF installed on your system? This might help to limit the offending traffic. You may also want to consult with a qualified system administrator for assistance if you are not able to determine the source of the attack.

    Thank you.
     