Site keeps getting hacked

CamronFry

BANNED
Jan 1, 2005
49
0
156
I have a site that keeps getting hacked, in the /var/log/secure I see:
Apr 7 00:07:43 server126 Cp-Wrap[15356]: Pushing "32035 CHECKDB black_phpb1" to '/usr/local/cpanel/bin/mysqladmin' for UID: 32035


How is someone able to run cp-wrap remotely?
 

AndyReed

Well-Known Member
PartnerNOC
May 29, 2004
2,217
4
193
Minneapolis, MN
You can stopp hackers and spammers from using your server for their games and such by applying security patches and related programs. PM me if you need help!
 

hostultra

Well-Known Member
Aug 21, 2002
167
0
166
That message is not your problem.
cp-wrap just means a script running from a logged in cpanel user.

The problem is how they logged into the cpanel in the first place.
Probably your using the same mysql password as your cpanel and the hacker is reading your config.php to get the password.