Compromised site issue?

4 comments

  • quizknows
    Because the DST port is 80 it's allowed out. I don't recommend blocking that either, as it will cause problems. What you need to do is find a system administrator to examine running processes. You may be able to use things like netstat, tcpdump, or lsof, but this assumes the malicious activity is ongoing. Most likely clamav or maldet will also turn up your infected account(s) but it is no guarantee. But if the activity has ceased or is not constant this might be the best start.
    0
  • MarceloKonrath
    Thank you very much for your reply. In the meantime, I work with shared servers. There are about 5,000 hosted websites and this means that many will still be hacked to this end. Your suggestion is great if I had 1 site on the server and not for shared servers since hacks on sites will happen every day since security holes are discovered every day.
    0
  • cPanelMichael
    Hello, you may want to consider using a third-party application if manually handling this task is outside the scope of what you can do on your own. CloudLinux offers a new product you may find useful (with a free 30-day trial): Imunify360 - Keeps Your Web Servers Safe. Thank you.
    0
  • quizknows
    I work in shared hosting too. Just because you see millions of inbound port 80 connections doesn't mean you can't find this from running processes. Connections OUT to port 80 are much more rare even with tons of users. If you cannot find this, find or hire someone who can. I don't say this to be rude. I really like companies like Sucuri or Site Lock if you cannot actively manage hacks yourself.
    0
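
The point made in the thread, that connections out to port 80 are rare even on a busy shared server, can be turned into a quick triage step. The following is an added example, not code from any poster: it summarises `netstat -tnpe`-style output by owning UID and process. The function names, addresses, UIDs and process names in the sample are constructed, and treating a local port of 1024 or higher as "outbound" is an assumed heuristic.

```shell
#!/bin/sh
# Added example: count outbound port-80 connections per UID and process.
# Input: text in the format of `netstat -tnpe` (run as root so PID/Program is shown).

outbound_http() {
    awk '
    $1 ~ /^tcp/ && ($6 == "ESTABLISHED" || $6 == "SYN_SENT") {
        n = split($4, l, ":"); lport = l[n]   # port follows the last colon (IPv4 and IPv6)
        m = split($5, f, ":"); fport = f[m]
        # Assumed heuristic: remote port 80 reached from an ephemeral local
        # port means this host opened the connection (not a web server reply).
        if (fport == 80 && lport >= 1024)
            count[$7 " " $9]++                # key: UID and PID/Program
    }
    END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample input (documentation addresses, invented UIDs and PIDs).
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address      Foreign Address     State       User  Inode  PID/Program name
tcp   0  0 203.0.113.10:80      198.51.100.7:51234  ESTABLISHED 99    81234  1201/httpd
tcp   0  0 203.0.113.10:80      198.51.100.8:40022  ESTABLISHED 99    81240  1202/httpd
tcp   0  0 203.0.113.10:48122   192.0.2.55:80       ESTABLISHED 1042  90311  23817/perl
tcp   0  1 203.0.113.10:48123   192.0.2.56:80       SYN_SENT    1042  90312  23817/perl
tcp   0  0 203.0.113.10:48124   192.0.2.57:80       ESTABLISHED 1042  90313  23817/perl
tcp   0  0 203.0.113.10:51500   192.0.2.80:80       ESTABLISHED 0     90400  3310/yum
tcp   0  0 203.0.113.10:22      198.51.100.9:60100  ESTABLISHED 0     70001  900/sshd
tcp6  0  0 2001:db8::10:52000   2001:db8::99:80     ESTABLISHED 1077  90500  24100/php
EOF
}

# Demo on the constructed sample; on a live host: netstat -tnpe | outbound_http
sample_netstat | outbound_http
```

Each output line is a connection count, the UID and the PID/program; `getent passwd <uid>` maps the UID to the hosting account to scan first with clamav or maldet.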
