subdomain redirect to fake gmail login

Discussion in 'Security' started by Adib Rahimi, Apr 26, 2017.

  1. Adib Rahimi

    Adib Rahimi Member

    Hello all,
    I am managing two dedicated WHM servers. While I was checking websites hosted on my servers, I noticed that a few of the websites hosted on my servers have a subdomain created, and they are redirecting to a fake Gmail login.

    All of these subdomains were created on the same day, and they were redirecting to
    /_cgi_/accounts.drive.com.*(websitedomain).com

    The above folder is outside of public_html and contains lots of PHP scripts, including fake logins and shell scripts. I found this issue on a few websites on both servers.

    I was wondering how to avoid this. It does not seem to have been done using the cPanel passwords of the websites; all of them have difficult passwords.
    Is it possible to create a subdomain without logging in to cPanel? How can I track this problem and avoid it? Any suggestions?
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello,

    Were you able to review /usr/local/cpanel/logs/access_log to see if any unknown IP addresses accessed cPanel to create those subdomains?

    Thank you.
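
One way to run the access_log review suggested in the reply above, as an added example that is not part of the original thread and not cPanel's own tooling. It assumes a combined-log-style line layout and that subdomain creation requests carry both "subdomain" and "add" in the request path; the sample lines, IP addresses, user names and the `KNOWN_IPS` list are constructed.

```python
import re
import sys
from collections import defaultdict

# Assumption: access_log lines follow a combined-log-style layout:
# ip ident user [timestamp] "METHOD path PROTO" status ...
LINE_RE = re.compile(r'^(\S+) \S+ (\S+) \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')
# Assumption: creation requests (UI page or API call) have "subdomain" and "add"
# in the path; adjust the pattern to what your cPanel version actually logs.
CREATE_RE = re.compile(r"subdomain.*add|add.*subdomain", re.IGNORECASE)

def subdomain_creations(lines):
    """Return one dict per successful request that looks like a subdomain creation."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip unparseable lines rather than guessing at fields
        ip, user, ts, _method, path, status = m.groups()
        if status.startswith("2") and CREATE_RE.search(path):
            events.append({"ip": ip, "user": user, "time": ts, "path": path})
    return events

def unknown_sources(events, known_ips):
    """Group creation events by source IP, keeping only IPs the admin does not recognise."""
    by_ip = defaultdict(list)
    for e in events:
        if e["ip"] not in known_ips:
            by_ip[e["ip"]].append((e["user"], e["time"]))
    return dict(by_ip)

# Constructed sample lines (documentation IP ranges, made-up users and session tokens).
SAMPLE_LOG = [
    '198.51.100.10 - alice [04/26/2017:09:01:11 -0000] "GET /cpsess0000000001/frontend/paper_lantern/subdomain/index.html HTTP/1.1" 200 0 "-" "Mozilla/5.0"',
    '203.0.113.77 - bob [04/26/2017:03:14:02 -0000] "POST /cpsess0000000002/execute/SubDomain/addsubdomain HTTP/1.1" 200 0 "-" "curl/7.50"',
    '203.0.113.77 - carol [04/26/2017:03:14:40 -0000] "GET /cpsess0000000003/frontend/paper_lantern/subdomain/doadddomain.html?domain=accounts&rootdomain=example.com HTTP/1.1" 200 0 "-" "curl/7.50"',
    '198.51.100.10 - alice [04/26/2017:10:00:00 -0000] "POST /cpsess0000000001/execute/SubDomain/addsubdomain HTTP/1.1" 200 0 "-" "Mozilla/5.0"',
    '203.0.113.90 - dave [04/26/2017:03:20:00 -0000] "POST /cpsess0000000004/execute/SubDomain/addsubdomain HTTP/1.1" 401 0 "-" "curl/7.50"',
]
KNOWN_IPS = {"198.51.100.10"}  # constructed: addresses you and your customers log in from

if __name__ == "__main__":
    # Pass the log path as the first argument; without one the constructed sample is used.
    lines = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE_LOG
    for ip, hits in unknown_sources(subdomain_creations(lines), KNOWN_IPS).items():
        print(ip, len(hits), "creations for users", sorted({u for u, _ in hits}))
```

A single unrecognised address creating subdomains under several different account names within minutes is the pattern worth following up; if no creation requests appear in the log at all for the day the subdomains were made, the change did not come through the cPanel interface.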
     