Server Possibly Compromised

benito

Well-Known Member
Jan 8, 2004
398
14
168
Mar del Plata - Argentina
cPanel Access Level
Root Administrator
Twitter
Hello!

Anyone knows bitninja? Yesterday i got a warning from our datacenter, they received an automated complaint from Bitninja.

They say one of our servers is attacking their hosts. After i contact them for furter details only gives me this report:

- Removed -
I found really hard to figure where in my server the attack is originated. Any suggestion?

Thanks
 
Last edited by a moderator:

Infopro

Well-Known Member
May 20, 2003
17,090
519
613
Pennsylvania
cPanel Access Level
Root Administrator
Twitter
If you're unsure how to check your server for compromise you should hire someone to help. It does indeed sound like you've got some sort of script on your server doing bad things.

This isn't an issue with your cPanel though, you need some advice on security, not cPanel assistance.
 

Eminds

Well-Known Member
Nov 10, 2016
319
32
28
India
cPanel Access Level
Root Administrator
You will need to scan your server with either clamav or maldet in order to locate the malicious files and scripts. Such scripts can generate DDOS attacks , port scanning and SYN Attacks on the other hosts causing issues to their services.
 

SysSachin

Well-Known Member
Aug 23, 2015
604
48
28
India
cPanel Access Level
Root Administrator
Twitter
Hello Benito,

I am agree with Infopro. You have to need scan all websites data also need to enable mod_security on the server.