subdomain redirect to fake gmail login

Adib Rahimi

Member
Aug 21, 2014
Kuwait City, Kuwait
cPanel Access Level
Root Administrator
Hello all,
I am managing two dedicated WHM servers. While I was checking the websites hosted on my servers, I noticed that a few of them have a subdomain created, and these subdomains are redirecting to a fake Gmail login.

All of these subdomains were created on the same day, and they were redirecting to
/_cgi_/accounts.drive.com.*(websitedomain).com

The above folder is outside of public_html and contains lots of PHP scripts, including fake logins and shell scripts. I found this issue on a few websites on both servers.

I was wondering how to avoid this. It does not seem to have been done using the cPanel passwords of the websites; all of them have difficult passwords.
Is it possible to create a subdomain without logging in to cPanel? How can I track this problem and avoid it? Any suggestions?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
Hello,

Were you able to review /usr/local/cpanel/logs/access_log to see if any unknown IP addresses accessed cPanel to create those subdomains?

Thank you.
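
One way to run the log review suggested above, as an added example that is not part of the thread and not cPanel's own code. It assumes an Apache-style line layout in /usr/local/cpanel/logs/access_log and assumes subdomain creation appears as a request for `subdomain/doadddomain.html` or an API call with `cpanel_jsonapi_func=addsubdomain`; the log lines, IP addresses and user names are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Assumed line layout: ip - user [timestamp] "METHOD url PROTO" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)
# Assumed request markers for subdomain creation (UI page and API call).
CREATE_MARKERS = ("subdomain/doadddomain.html", "cpanel_jsonapi_func=addsubdomain")

# Constructed sample lines; on a server, read the real access_log instead.
SAMPLE_LOG = """
203.0.113.7 - alice [08/20/2014:09:12:01 -0000] "GET /cpsess1111111111/frontend/x3/subdomain/doadddomain.html?domain=shop&rootdomain=example.com HTTP/1.1" 200 0
198.51.100.23 - alice [08/21/2014:02:40:10 -0000] "GET /cpsess2222222222/json-api/cpanel?cpanel_jsonapi_module=SubDomain&cpanel_jsonapi_func=addsubdomain&domain=accounts&rootdomain=example.com HTTP/1.1" 200 0
198.51.100.23 - bob [08/21/2014:02:41:55 -0000] "POST /cpsess3333333333/frontend/x3/subdomain/doadddomain.html HTTP/1.1" 200 0
198.51.100.23 - bob [08/21/2014:02:42:03 -0000] "GET /cpsess3333333333/frontend/x3/index.html HTTP/1.1" 200 0
"""

def subdomain_creations(lines):
    """Return one dict per request that looks like a subdomain creation."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not any(k in m["url"] for k in CREATE_MARKERS):
            continue
        q = parse_qs(urlsplit(m["url"]).query)
        sub, root = q.get("domain", [None])[0], q.get("rootdomain", [None])[0]
        events.append({
            "ip": m["ip"], "user": m["user"], "ts": m["ts"],
            "status": int(m["status"]),
            # POST requests carry parameters in the body, so the name may be unknown.
            "subdomain": f"{sub}.{root}" if sub and root else None,
        })
    return events

def suspicious_ips(events, known_ips=frozenset()):
    """Map each unknown IP to the set of cPanel users it created subdomains as."""
    by_ip = defaultdict(set)
    for e in events:
        if e["ip"] not in known_ips:
            by_ip[e["ip"]].add(e["user"])
    return dict(by_ip)

if __name__ == "__main__":
    found = subdomain_creations(SAMPLE_LOG.splitlines())
    for ip, users in suspicious_ips(found, known_ips={"203.0.113.7"}).items():
        print(ip, sorted(users))
```

An unknown IP that created subdomains as several different cPanel users on the same day points to stolen sessions or credentials; no matching entries at all suggests the subdomains were created by some other route than the cPanel interface.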