My cPanel server is compromised

webguyz

Member
Sep 13, 2011
cPanel Access Level: DataCenter Provider
Noticed a huge spike in my inbound traffic recently and noticed that it was the IP of my shared cPanel server. Looking at my lanalyzer it showed a lot of DNS queries and then a lot of queries to port 80 on all kinds of websites from the IP of my cPanel server.

I ran the top utility to see if I could find anything, and the only thing I saw was a cPanel user who was running 'phpize' for several hours.

It appears to me that something is on my system that is looking for vulnerabilities on other servers.

Not sure where to start looking for something like this. I looked at the logs of the user that was running this phpize and don't see anything in the error_logs.
 


24x7server

Well-Known Member
Apr 17, 2013
India
cPanel Access Level: Root Administrator
Hello,

I suggest you check your server using: Determine Your System's Status

Also, you can scan your server with Linux Malware Detect (LMD). You will get all the infected files in the maldet scan report.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
Hello :)

Do you have any firewall management utilities such as CSF installed on your system? This might help to limit the offending traffic. You may also want to consult with a qualified system administrator for assistance if you are not able to determine the source of the attack.

Thank you.
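
A starting point for the "where to start looking" question in the opening post, added here as an example that is not part of any reply in the thread: attribute the outbound port-80 connections to the account that owns them by parsing the kernel's `/proc/net/tcp` table, which records a UID per socket. The sample table, IP addresses and UIDs are constructed; the code assumes a little-endian Linux host and covers IPv4 only.

```python
import socket
import struct
from collections import defaultdict

# Constructed sample in /proc/net/tcp layout (documentation IPs, made-up UIDs).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0A00000A:C350 0A0200C0:0050 01 00000000:00000000 00:00000000 00000000  1005        0 1002
   2: 0A00000A:C351 0B0200C0:0050 02 00000000:00000000 00:00000000 00000000  1005        0 1003
   3: 0A00000A:C352 077100CB:0050 01 00000000:00000000 00:00000000 00000000  1005        0 1004
   4: 0A00000A:0050 056433C6:D431 01 00000000:00000000 00:00000000 00000000    99        0 1005
   5: 0A00000A:C353 0A0200C0:0050 01 00000000:00000000 00:00000000 00000000  1007        0 1006
   6: 0A00000A:C354 077100CB:0050 06 00000000:00000000 00:00000000 00000000     0        0 0
"""

SKIP_STATES = {"0A", "06"}  # LISTEN; TIME_WAIT (kernel reports uid 0 there)

def decode_addr(field):
    """'0A0200C0:0050' -> ('192.0.2.10', 80); assumes a little-endian host."""
    ip_hex, port_hex = field.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))), int(port_hex, 16)

def outbound_by_uid(table, ports=(80,)):
    """Map owning UID -> sorted remote IPs it is connected to on `ports`."""
    seen = defaultdict(set)
    for line in table.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) < 10 or f[3] in SKIP_STATES:
            continue
        ip, port = decode_addr(f[2])             # f[2] is the remote endpoint
        if port in ports:                        # remote port 80: this host is the client
            seen[int(f[7])].add(ip)              # f[7] is the socket owner's UID
    return {uid: sorted(ips) for uid, ips in seen.items()}

def rank(table, ports=(80,)):
    """UIDs ordered by number of distinct remote hosts, busiest first."""
    counts = [(uid, len(ips)) for uid, ips in outbound_by_uid(table, ports).items()]
    return sorted(counts, key=lambda c: (-c[1], c[0]))

if __name__ == "__main__":
    import pwd
    try:
        table = open("/proc/net/tcp").read()     # live IPv4 table on Linux
    except OSError:
        table = SAMPLE                           # fall back to the constructed sample
    for uid, n in rank(table):
        try:
            name = pwd.getpwuid(uid).pw_name
        except KeyError:
            name = "?"
        print(f"{name} (uid {uid}): {n} distinct remote hosts on port 80")
```

An account that tops this list with many distinct remote hosts is the one whose processes and files deserve the first look; inbound web traffic does not appear because its remote port is ephemeral rather than 80.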