Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

subdomain redirect to fake gmail login

Discussion in 'Security' started by Adib Rahimi, Apr 26, 2017.

  1. Adib Rahimi

    Adib Rahimi Member

    Joined:
    Aug 21, 2014
    Messages:
    9
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Kuwait City, Kuwait
    cPanel Access Level:
    Root Administrator
    Hello All
    I am maneging two didicated WHM Server. while I was checking websites hosted on my server I noticed few websites which is hosted on my servers has a subdomain created and they are redirecting to fake gmail login.

    All of this subdomain was created on same day . and they were redirecting to
    /_cgi_/accounts.drive.com.*(websitedomain).com

    above folder is outside of public_html and contains lots of php script including fake logins and shell script. I found this issue on few websites on both servers.

    I was wondering how to avoide this? it dose not seems to be done by using cpanel password of websites. all of them has difficult password.
    is this possible to creaate subdomain without login to cpanel? how to track this problem and avoide it. any suggestion?1
     
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,803
    Likes Received:
    1,898
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    Were you able to review /usr/local/cpanel/logs/access_log to see if any unknown IP addresses accessed cPanel to create those subdomains?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice