Is this your dedicated server? Or shared or VPS?
I recently saw these suspicious items in the "mysql" database name and the "user" and "db" tables in the "Host" column:
Are these domains and some other IPs normal here?
[View attachment 75933] [View attachment 75937] [View attachment 75941] [View attachment 75945]
It's a VPS for shared hosting, and I'm the admin with root access.
Is this your dedicated server? Or shared or VPS?
These seem to be the server IPs of my previous years that are no longer available to me.
Do these IPs belong to you?
No, I do not know these domains and there are no clients or sites with these domains hosted on my server.
Do you know these domains?
Are these your domains? Or do you have user accounts with these domains or sub-domains?
No, and I strongly oppose spam, and I will never allow a customer to install a spam panel on their site and send spam.
Do you have any accounts that have Klaviyo: Email & SMS Marketing Automation Platform (https://www.klaviyo.com › ... › Customer Help)?
This seems to be an email platform. Maybe it's sending spam emails; I would check the user's account.
As written above the image, the name of the database is mysql, and this is the main database of the server, in which the usernames and passwords for database access of the accounts on the server are stored. Or, for example, access for the user's phpMyAdmin and even remote access to the database.
Could you confirm what table and database we're looking at? I wouldn't expect those to show up, but it's hard to say with the information we have.
After one day, I checked the same account again! Strangely, there was no trace of "send.klaviyomsv.com" and it was replaced with the original hostname of my server!!!
That's interesting - I don't have any other suggestions of where that could be, as those are the two most logical places for that to show up. It might be time for a massive grep of /etc/ to see if that name is listed in any configuration files.
I did try looking through the code to see where MySQL determines the host values, but I wasn't able to find that so I'm wondering if that also comes from within MySQL. Searching all tables for that text string might give you some good information also.
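The two checks suggested in the post above (searching the configuration tree for the name, and reviewing which Host values the grant tables hold), sketched as an added example that is not part of the original thread. The function names, the allowlist arguments and the sample rows are assumptions made for illustration; only the hostname send.klaviyomsv.com comes from the thread.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). On the server, the input rows could be
# produced with the mysql client as tab-separated "table<TAB>user<TAB>host":
#   mysql -N -B -e "SELECT 'user', User, Host FROM mysql.user
#                   UNION ALL SELECT 'db', User, Host FROM mysql.db"

# unexpected_hosts KNOWN...  reads those rows on stdin and prints every row whose
# Host is neither loopback nor one of the names/IPs passed as arguments.
# Wildcard hosts such as % are printed too, since they also deserve a review.
unexpected_hosts() {
    awk -F'\t' -v allowed="localhost 127.0.0.1 ::1 $*" '
        BEGIN { n = split(allowed, a, " ")
                for (i = 1; i <= n; i++) ok[tolower(a[i])] = 1 }
        NF >= 3 && !(tolower($3) in ok) { print $1 "\t" $2 "\t" $3 }
    '
}

# config_files_mentioning NAME DIR  lists text files under DIR that contain
# NAME as a fixed string (the "grep of /etc" step; DIR would be /etc).
config_files_mentioning() {
    grep -rIlF -- "$1" "$2" 2>/dev/null | sort
}

# Constructed sample rows standing in for real mysql output.
# server.example.test and 192.0.2.10 are placeholders.
sample_rows() {
    printf 'user\troot\tlocalhost\n'
    printf 'user\tacct_wp\tserver.example.test\n'
    printf 'user\tacct_wp\t192.0.2.10\n'
    printf 'db\tacct_wp\tsend.klaviyomsv.com\n'
}

# Treat only the current hostname as known; the old IP and the unknown
# domain are reported for review.
sample_rows | unexpected_hosts server.example.test
```

Rows reported this way can then be compared against the output of `config_files_mentioning <name> /etc` to see whether the same name also appears in a configuration file.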
No, I use this:
```
# cat /usr/local/cpanel/version
22.214.171.124
# mysql --version
mysql Ver 15.1 Distrib 10.3.34-MariaDB, for Linux (x86_64) using readline 5.1
# hostnamectl
   Static hostname: ***
         Icon name: computer-vm
           Chassis: vm
        Machine ID: ***
           Boot ID: ***
    Virtualization: kvm
  Operating System: CloudLinux 7.9 (Boris Yegorov)
       CPE OS Name: cpe:/o:cloudlinux:cloudlinux:7.9:GA:server
            Kernel: Linux 3.10.0-962.3.2.lve126.96.36.199.el7.x86_64
      Architecture: x86-64
# csf -v
csf: v14.16 (cPanel)
```