Skip to main content

Script Capturing Login Details on New Account?

Comments

2 comments

  • rpvw
    This sounds awfully like your server has been exploited - possibly by a Web Shell which are often written in PHP Search in your favourite search engine for web shell php and see if you recognise anything. As for cleaning it up ...... first you need to know if the exploit can access files on other accounts and/or inside the operating system. If there is ANY suspicion that the exploit has escaped out of the account where you found it, the only way to ensure you have dealt with it, is to reinstall the server from scratch. See Why can't I clean a hacked machine - cPanel Knowledge Base - cPanel Documentation If you are confident that the compromise was limited to the new account, you could perhaps run a system wide clamscan, and also install and run a tool like Rootkit Hunter or chkrootkit, however it may be too late to get a true detection rate as the signatures of system files may have already been changed. Going forwards, when you are satisfied your server is 100% free of any malware or compromise, you should take a look at : Tips to Make Your Server More Secure - cPanel Knowledge Base - cPanel Documentation Recommended Security Settings - cPanel Knowledge Base - cPanel Documentation
    0
  • cPanelLauren
    Hi @Adrian Gonzales The advice provided by @rpvw here is solid, please let us know if you have any questions or concerns once reading through the documentation links he provided. Thanks!
    0

Please sign in to leave a comment.