Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Server Possibly Compromised

Discussion in 'Security' started by benito, Nov 9, 2016.

  1. benito

    benito Well-Known Member

    Joined:
    Jan 8, 2004
    Messages:
    318
    Likes Received:
    3
    Trophy Points:
    168
    Location:
    Mar del Plata - Argentina
    Hello!

    Anyone knows bitninja? Yesterday i got a warning from our datacenter, they received an automated complaint from Bitninja.

    They say one of our servers is attacking their hosts. After i contact them for furter details only gives me this report:

    - Removed -
    I found really hard to figure where in my server the attack is originated. Any suggestion?

    Thanks
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #1 benito, Nov 9, 2016
    Last edited by a moderator: Nov 9, 2016
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,309
    Likes Received:
    393
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    If you're unsure how to check your server for compromise you should hire someone to help. It does indeed sound like you've got some sort of script on your server doing bad things.

    This isn't an issue with your cPanel though, you need some advice on security, not cPanel assistance.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. Eminds

    Eminds Well-Known Member

    Joined:
    Nov 10, 2016
    Messages:
    267
    Likes Received:
    20
    Trophy Points:
    18
    Location:
    India
    cPanel Access Level:
    Root Administrator
    You will need to scan your server with either clamav or maldet in order to locate the malicious files and scripts. Such scripts can generate DDOS attacks , port scanning and SYN Attacks on the other hosts causing issues to their services.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. SysSachin

    SysSachin Well-Known Member

    Joined:
    Aug 23, 2015
    Messages:
    604
    Likes Received:
    42
    Trophy Points:
    28
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello Benito,

    I am agree with Infopro. You have to need scan all websites data also need to enable mod_security on the server.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. dld

    dld Member

    Joined:
    Apr 18, 2006
    Messages:
    12
    Likes Received:
    4
    Trophy Points:
    153
    You might also install ConfigServer firewall. Not only will it help block future attacks, but it also includes its own version of ClamAV to scan your present situation.
     
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice