Web resources for reporting or checking on already reported exploits?

Mysticeti

My cPanel server started sending me alerts today. It would appear that a WordPress exploit was used to start a script that attempts to join a botnet. However, I think the firewall blocked the attempts to contact/join the botnet and after updating WordPress and killing a couple processes the system appears to be working fine (no more alerts and bandwidth/CPU usage are nominal).

However, after looking at the script that was executing and using a couple choice words from it in Google I'm only getting a single hit (pastebin)!

So I'm wondering if the script has just been released in the wild or if something else is going on here.

Are there security sites that might help me here?

Any other advice?

Thanks!
 

vanessa

I'm not sure that anyone can recommend a single security site that would have the information you're looking for. Perhaps pasting a larger chunk of the code in Google search will return some results. Keep in mind that scripts are often subtly altered so the exact script may not come up.
 

quizknows

> I'm not sure that anyone can recommend a single security site that would have the information you're looking for.
Agreed.

Usually when I find web shells or botnet scripts, I check them with maldet to see if it's one that it would have found. If it's not flagged I use "maldet -c $file" to upload it to them.
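
The scan-then-submit workflow from the post above, as an added example that is not part of the original thread or of the maldet project. The function names are hypothetical, and it assumes `maldet -a` accepts a single file path and ends its scan with a summary line containing "malware hits N".

```shell
#!/usr/bin/env bash
# Added example: triage suspect files with Linux Malware Detect (maldet).
# Assumption: the scan summary contains "malware hits N"; adjust
# hits_from_output if your maldet version prints something different.

# Read maldet scan output on stdin, print the last reported hit count.
hits_from_output() {
    sed -n 's/.*malware hits \([0-9][0-9]*\).*/\1/p' | tail -n 1
}

# Scan one file; if no signature matches, submit it with "maldet -c".
# Prints "<status> <sha256> <file>" where status is known|submitted|error.
triage_file() {
    local file out hits sum
    file=$1
    if [ ! -f "$file" ]; then
        echo "error - $file"
        return 2
    fi
    # Record the hash first so the sample can be referenced later.
    sum=$(sha256sum "$file" | cut -d' ' -f1)
    out=$(maldet -a "$file" 2>&1) || true
    hits=$(printf '%s\n' "$out" | hits_from_output)
    if [ -z "$hits" ]; then
        echo "error $sum $file"        # no summary line: do not guess
        return 2
    elif [ "$hits" -gt 0 ]; then
        echo "known $sum $file"        # an existing signature matched
    else
        maldet -c "$file" >/dev/null 2>&1 || { echo "error $sum $file"; return 2; }
        echo "submitted $sum $file"    # uploaded for signature review
    fi
}

# Usage: ./triage.sh /path/to/suspect1.php /path/to/suspect2.pl
for f in "$@"; do
    triage_file "$f" || true
done
```

Run it against copies of the suspect files taken before cleanup, and keep the printed SHA-256 values with your incident notes.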
 

cPanelMichael

Administrator
Staff member
> However, I think the firewall blocked the attempts to contact/join the botnet and after updating WordPress and killing a couple processes the system appears to be working fine (no more alerts and bandwidth/CPU usage are nominal)
I've not heard of any recent widespread attacks on the WordPress script, but it's fairly common for attackers to target scripts like WordPress due to the number of people who use it. It looks like your firewall handled the attack well.

Thanks.