The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Server Possibly Compromised

Discussion in 'Security' started by benito, Nov 9, 2016.

  1. benito

    benito Well-Known Member

    Joined:
    Jan 8, 2004
    Messages:
    300
    Likes Received:
    2
    Trophy Points:
    168
    Location:
    Mar del Plata - Argentina
    Hello!

    Anyone knows bitninja? Yesterday i got a warning from our datacenter, they received an automated complaint from Bitninja.

    They say one of our servers is attacking their hosts. After i contact them for furter details only gives me this report:

    - Removed -
    I found really hard to figure where in my server the attack is originated. Any suggestion?

    Thanks
     
    #1 benito, Nov 9, 2016
    Last edited by a moderator: Nov 9, 2016
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    15,618
    Likes Received:
    296
    Trophy Points:
    433
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    If you're unsure how to check your server for compromise you should hire someone to help. It does indeed sound like you've got some sort of script on your server doing bad things.

    This isn't an issue with your cPanel though, you need some advice on security, not cPanel assistance.
     
  3. Eminds

    Eminds Well-Known Member

    Joined:
    Nov 10, 2016
    Messages:
    175
    Likes Received:
    10
    Trophy Points:
    18
    Location:
    India
    cPanel Access Level:
    Root Administrator
    You will need to scan your server with either clamav or maldet in order to locate the malicious files and scripts. Such scripts can generate DDOS attacks , port scanning and SYN Attacks on the other hosts causing issues to their services.
     
  4. SysSachin

    SysSachin Well-Known Member

    Joined:
    Aug 23, 2015
    Messages:
    542
    Likes Received:
    39
    Trophy Points:
    28
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello Benito,

    I am agree with Infopro. You have to need scan all websites data also need to enable mod_security on the server.
     
  5. dld

    dld Member

    Joined:
    Apr 18, 2006
    Messages:
    12
    Likes Received:
    4
    Trophy Points:
    153
    You might also install ConfigServer firewall. Not only will it help block future attacks, but it also includes its own version of ClamAV to scan your present situation.
     
Loading...

Share This Page